Doc: add security policy file for CBDB

SECURITY.md

@@ -0,0 +1,49 @@
+Thanks for helping make Cloudberry Database safe!
+
+---
+
+## Reporting Security Issues
+
+To report a security issue, please email
+[security@cloudberrydb.org](mailto:security@cloudberrydb.org). This
+project follows a 90-day disclosure timeline. We will publish the
+[security
+advisories](https://github.com/cloudberrydb/cloudberrydb/security/advisories)
+via GitHub.
+
+You should receive a response within 2 weeks. If for some reason you
+do not, please follow up via email to ensure we received your original
+message.
+
+Please include the requested information listed below (as much as you
+can provide) to help us better understand the nature and scope of the
+possible issue:
+
+* Type of issue (e.g. buffer overflow, SQL injection, cross-site
+  scripting, etc.)
+* Full paths of source file(s) related to the manifestation of the
+  issue
+* The location of the affected source code (tag/branch/commit or
+  direct URL)
+* Any special configuration required to reproduce the issue
+* Step-by-step instructions to reproduce the issue
+* Proof-of-concept or exploit code (if possible)
+* Impact of the issue, including how an attacker might exploit the
+  issue
+
+This information will help us triage your report more quickly.
+
+## Do not
+
+For better collaboration, we hope you:
+
+- Do not file public issues on GitHub for security vulnerabilities.
+- Do not report non-security-impacting bugs through this channel. If
+  you have any questions on using, development, please use [GitHub
+  Issues, Discussions or
+  Slack](https://github.com/cloudberrydb/cloudberrydb/issues/new/choose)
+  instead.
+
+## Preferred Languages
+
+We prefer all communications to be in English.