Revise SECURITY.md for version support and reporting

Updated the security policy to reflect supported versions and reporting procedures.

Author: danez

SECURITY.md

@@ -0,0 +1,26 @@
+# Security Policy
+
+## Supported Versions
+
+react-docgen encourages users to upgrade to the [latest version](https://github.com/reactjs/react-docgen/releases).
+
+Only the latest released version of react-docgen is actively supported. When reporting bugs or security issues, we encourage you to first upgrade to the latest version and confirm that the problem still exists.
+
+We patch bugs and security relevant issues in the latest version and recommend upgrading. react-docgen goes to great length to ensure backwards compatibility so upgrading is almost always painless.
+
+We will backport security fixes if needed to the last 4 previous major versions.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| [v8](https://github.com/reactjs/react-docgen/releases) | :white_check_mark: |
+| [v7](https://github.com/reactjs/react-docgen/releases) | :white_check_mark: |
+| [v6](https://github.com/reactjs/react-docgen/releases) | :white_check_mark: |
+| [v5](https://github.com/reactjs/react-docgen/releases) | :white_check_mark: |
+| [v4](https://github.com/reactjs/react-docgen/releases) | :white_check_mark: |
+| v3 or older   | :x:                |
+
+## Reporting a Vulnerability
+
+Security vulnerabilities should be reported by drafting a [Security Advisory](https://github.com/reactjs/react-docgen/security/advisories/new) directly on github or through [Tidelift](https://tidelift.com/docs/security).
+
+You can also reach out to the maintainer directly at Keybase `@danez_gh` or Matrix `@danez_gh:matrix.org`