Create Security Policy

[diogoteles08]

Hi, I'd like to suggest that Whisper adopt a security policy that not only allows security researchers to privately report security vulnerabilities in Whisper, but also informs users of common security practices they should consider when using it.

The Security Policy is a GitHub standard document (SECURITY.md) that can be found in the "Security Tab", as you can see in the following image:

This information will benefit:

1. the user, that will have guidelines on how to safely run a model for their application
2. the project, that can avoid receiving false positive vulnerability reports

---

In this PR I'm sending a draft of the document that I created considering the (very little) context I have from whisper, so feel free to adapt and enhance it the way it better suits you -- I'm also available to make any desired edits. FWI, I've written this considering that:

• Whisper users shouldn't have any concern related to "running untrusted models", as, AFAIU, whisper can be run with a limited set of models provided by openAI itself.

Regarding how the users should report vulnerabilities, my draft is considering the report vulnerability through security advisory, which is a new GitHub feature that must be activated for the repository. It can be easily and quickly done following this steps:

1. Open the repo's settings
2. Click on Code security & analysis
3. Click "Enable" for "Private vulnerability reporting (Beta)"

If you rather use another vehicle to report vulnerability (e.g. sending them through an email or any other platform), let me know and I can submit the change.

Context

I'm Diogo and I work on Google's Open Source Security Team(GOSST) in cooperation with the Open Source Security Foundation (OpenSSF). My core job is to suggest and implement security changes on widely used open source projects 😊