Add info for SECURITY.md

[PatrykKuniczak]

Instead of this comment:

## Reporting a Vulnerability

Use this section to tell people how to report a vulnerability.

Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.

For SECURITY.md, which should be removed.
We need to add info, where people should send them vulnerability info, e.g contact @aklinker1 on email/discord or sth like that, because for now, there's no info about that.

[richardm]

Initially, I misread this as proposing the security.md file should be removed. I believe you're actually requesting that the commented code inside security.md be removed and replaced with instructions on how to report security issues. I agree this would be a useful improvement.