docs: add a SECURITY.md file

SECURITY.md

@@ -0,0 +1,38 @@
+<!--
+SPDX-FileCopyrightText: 2024 Ali Sajid Imami
+
+SPDX-License-Identifier: MIT
+-->
+
+# Security Policy
+
+## Supported Versions
+
+This plugin will always support the **current** and **previous three releases** of Neovim. The plugin may have an irregular release schedule, so please ensure your Neovim version is within the supported range to receive updates and fixes.
+
+| Neovim Version | Supported          |
+| -------------- | ------------------ |
+| Nightly        | :white_check_mark: |
+| Stable         | :white_check_mark: |
+| Stable - 1     | :white_check_mark: |
+| Stable - 2     | :white_check_mark: |
+| Stable - 3     | :white_check_mark: |
+| Older versions | :x:                |
+
+## Reporting a Vulnerability
+
+If you discover any security vulnerabilities or potential issues, please follow these steps to report them:
+
+1. **Do not publicly disclose** the vulnerability until a fix is available.
+2. Email [[email protected]](mailto:[email protected]) with details of the vulnerability, including:
+   - Steps to reproduce the issue.
+   - A detailed description of the security impact.
+   - Potential fixes or recommendations if available.
+3. You will receive an acknowledgment within **48 hours** of your report.
+
+Once the issue has been assessed, we will provide a timeline for a fix and release. Security patches will be backported for all supported versions of Neovim.
+
+## Vulnerability Disclosure Timeline
+
+- We aim to resolve critical vulnerabilities within **7 days** of being reported.
+- Non-critical vulnerabilities will be handled during regular development cycles and addressed in future updates.