Add SECURITY.md with vulnerability reporting and security guidelines #43

Draft: Copilot wants to merge 2 commits into master from copilot/update-security-documentation
Copilot AI commented Feb 11, 2026

Establishes security policy and vulnerability disclosure procedures for the repository.

Added Components

  • Vulnerability Reporting: Private disclosure via security@base.org with 48hr SLA, includes required information checklist
  • Version Support Policy: Security patches for latest release only
  • Best Practices:
    • Contributors: Secrets handling, dependency auditing, input validation, secure coding patterns
    • Users: HTTPS enforcement, key protection, contract verification, hardware wallet usage
  • Bug Bounty Program: Reference to base.org/bug-bounty with contact details
  • Security Audits: Links to existing BLOCKCHAIN_AUDIT_REPORT.md
  • Disclosure Policy: 4-step response workflow for security reports
  • Resources: OWASP Top Ten, Web3 security documentation, Base docs

File structure follows GitHub security advisory standards with web3-specific guidance appropriate for blockchain application repositories.


Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Update security documentation file" to "Add SECURITY.md with vulnerability reporting and security guidelines" on Feb 11, 2026