
docs: add SECURITY.md with vulnerability reporting policy #303

Open
RehanAhmad25 wants to merge 2 commits into Dev-Card:main from RehanAhmad25:add/security



@RehanAhmad25
Contributor

Summary

This PR adds a SECURITY.md file to the repository root. DevCard currently has no security policy defined, leaving contributors and users with no safe, private channel to report vulnerabilities. This change establishes a responsible disclosure process in line with GitHub's recommended best practices.

Closes #293


Type of Change

  • Bug fix
  • New feature
  • Refactor (no functional change)
  • UI / Design change
  • Tests only
  • Documentation
  • Infrastructure / DevOps
  • Security

What Changed

  • Added SECURITY.md at the root of the repository
  • Defined supported versions with a version support table
  • Added vulnerability reporting instructions via the maintainer's GitHub profile
  • Included a clear response timeline for reported vulnerabilities
  • Outlined a responsible disclosure policy

How to Test

  1. Navigate to the repository root and confirm SECURITY.md exists
  2. Open the file and verify all sections render correctly on GitHub
  3. Visit the Security tab on GitHub — the policy should now be detected and displayed automatically

Checklist

  • My code follows the project's coding style (pnpm -r run lint passes).
  • TypeScript compiles without errors (pnpm -r run typecheck).
  • I have added or updated tests for the changes I made.
  • All tests pass locally (pnpm -r run test).
  • I have updated documentation where necessary.
  • No new console.log or debug statements left in the code.
  • Breaking changes are documented in this PR description.

Screenshots / Recordings

Not applicable — documentation-only change with no visual impact.

@Harxhit added the gssoc:approved label May 24, 2026

Labels

gssoc:approved Required label for every approved PR. Gives the base +50 points and enables contribution tracking.


Development

Successfully merging this pull request may close these issues.

[Security]: Add SECURITY.md to define vulnerability reporting process
