Enhance security policy with reporting guidelines

Updated the security policy to include a section on reporting vulnerabilities and guidelines for responsible disclosure.

SECURITY.md

@@ -0,0 +1,46 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+The WeKnora team takes security vulnerabilities seriously.  
+We appreciate your efforts to responsibly disclose any security issues you discover.
+
+⚠️ **Please do NOT report security vulnerabilities through public GitHub issues.**
+
+### Preferred reporting method
+
+We recommend reporting security vulnerabilities using GitHub’s private vulnerability reporting feature:
+
+1. Go to the **Security** tab of this repository
+2. Click **“Report a vulnerability”**
+3. Fill in the details and submit the report
+
+This allows us to discuss, investigate, and fix the issue privately.
+
+### Alternative contact
+
+If you are unable to use GitHub’s Security Advisory feature, you may contact the maintainers through the repository owners.
+
+> Please avoid sharing sensitive information publicly.
+
+### What to include in your report
+
+To help us understand and resolve the issue quickly, please include:
+
+- A clear description of the vulnerability
+- Steps to reproduce (proof-of-concept if available)
+- The affected version(s)
+- Potential impact and severity
+- Any suggested mitigations or fixes (if known)
+
+### Response timeline
+
+We aim to:
+- Acknowledge receipt of your report within **48 hours**
+- Provide a status update as the investigation progresses
+
+### Coordinated disclosure
+
+We kindly ask reporters to follow responsible disclosure practices and allow us reasonable time to address the issue before any public disclosure.
+
+Thank you for helping keep **WeKnora** and its users secure.