
Add SECURITY.md with unified security policy#14

Merged
warengonzaga merged 4 commits into main from copilot/create-security-md-file
Dec 29, 2025

Conversation

Contributor

Copilot AI commented Dec 13, 2025

Establishes the repository's first security policy documenting vulnerability reporting procedures, supported versions, and security best practices.

Changes

  • SECURITY.md: New file at repository root with:
    • Private vulnerability reporting workflow via GitHub Security tab
    • Email reporting alternative (security@wgtechlabs.com)
    • Supported versions table (1.x supported, <1.0 unsupported)
    • Security best practices for contributors
    • Recognition program for security researchers
Original prompt

This pull request was created as a result of the following prompt from Copilot chat.

Create SECURITY.md

Create a new SECURITY.md file at the root of the repository with the unified security policy.

New SECURITY.md Content

# 🔒 Security Policy

## 🚨 Reporting Security Vulnerabilities

We take security seriously. If you discover a security vulnerability, please report it responsibly: 

### Private Vulnerability Reporting (Recommended)

This repository has **private vulnerability reporting** enabled. You can securely report vulnerabilities directly through GitHub:

1. Navigate to the [**Security**](../../security) tab
2. Click [**Advisories**](../../security/advisories)
3. Click **"Report a vulnerability"** button
4. Fill out the vulnerability details

This allows us to discuss and fix the issue privately before any public disclosure. 

### Email Reporting

Alternatively, you can email us at **[security@wgtechlabs.com](mailto:security@wgtechlabs.com)**.

**Please do NOT report security vulnerabilities through public GitHub issues.**

### What to Include

- Clear description of the vulnerability
- Steps to reproduce
- Potential impact
- Your environment details (Node.js version, OS, etc.)

### Response Timeline

- **Initial Response**: Within 48 hours
- **Status Updates**: Every 3-5 business days
- **Resolution**: Critical issues resolved within 7 days

## 🛡️ Supported Versions

We provide security updates for the following versions. If you're using an unsupported version, please upgrade to receive security patches.

| Version | Supported          |
| ------- | ------------------ |
| 1.x     | ✅ Yes             |
| < 1.0   | ❌ No              |

## 🔐 Security Best Practices

When contributing or deploying:  

- ✅ Never commit secrets, API keys, or credentials
- ✅ Always use environment variables for sensitive data
- ✅ Keep dependencies updated
- ✅ Use HTTPS/TLS for all endpoints
- ✅ Enable security scanning (Dependabot, CodeQL)

## 🏆 Recognition

While we don't offer monetary rewards, we deeply value security researchers and provide:  

- Public acknowledgment in security advisories (with permission)
- Recognition in our security contributors hall of fame
- Professional references for your security work

Thank you for helping keep our projects secure!  🙏

---

🔐 with ❤️ by [Waren Gonzaga](https://warengonzaga.com) under [WG Technology Labs](https://wgtechlabs.com) and [Him](https://www.youtube.com/watch?v=HHrxS4diLew&t=44s) 🙏

Requirements

  • Create a new SECURITY.md file at the root directory
  • Maintain proper markdown formatting
  • This is the first security policy for this repository


Co-authored-by: warengonzaga <15052701+warengonzaga@users.noreply.github.com>
Copilot AI changed the title [WIP] Add SECURITY.md file with unified security policy Add SECURITY.md with unified security policy Dec 13, 2025
Copilot AI requested a review from warengonzaga December 13, 2025 08:54
@warengonzaga warengonzaga linked an issue Dec 13, 2025 that may be closed by this pull request
@warengonzaga warengonzaga marked this pull request as ready for review December 13, 2025 15:33
@warengonzaga warengonzaga requested a review from Copilot December 13, 2025 15:33

Copilot AI left a comment


Pull request overview

This PR establishes the repository's first security policy by adding a comprehensive SECURITY.md file at the root level. The document provides clear guidelines for vulnerability reporting, supported versions, security best practices, and recognition for security researchers.

Key Changes:

  • New SECURITY.md file with structured security policy documentation
  • Private vulnerability reporting workflow via GitHub Security tab and email alternative
  • Supported versions table indicating 1.x is supported while versions < 1.0 are not


Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.


@warengonzaga warengonzaga merged commit 6765d1c into main Dec 29, 2025
7 checks passed
@warengonzaga warengonzaga deleted the copilot/create-security-md-file branch December 29, 2025 01:48
Successfully merging this pull request may close these issues.

Add SECURITY.md with unified security policy
