Add SECURITY-POLICY.md and SECURITY-REPORT-TEMPLATE.md at the repository
root and replace the .github/SECURITY.md stub with a short pointer.
SECURITY-POLICY.md is intentionally terse and discretionary, matching
OpenSSL and Mbed TLS practice. It states the CVE-filing criterion,
severity tiers, categories not considered CVE-eligible, coordinated-
disclosure practice, and credit.
SECURITY-REPORT-TEMPLATE.md is a structured report template whose use is
mandatory for CVE consideration. It requires a reachability trace,
attacker model, working proof-of-concept, and a related-work check
against open pull requests and recent commits.
All reports route to support@wolfssl.com.