docs: add SECURITY.md for vulnerability reporting

Add security policy with bilingual instructions (English/Chinese) for
reporting vulnerabilities via GitHub Private Vulnerability Reporting
or email contact.

Closes #879

Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>

SECURITY.md

@@ -0,0 +1,52 @@
+# Security Policy / 安全政策
+
+## Supported Versions / 支持的版本
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 3.x     | :white_check_mark: |
+| < 3.0   | :x:                |
+
+## Reporting a Vulnerability / 报告漏洞
+
+### English
+
+If you discover a security vulnerability in AutoBangumi, please report it responsibly:
+
+1. **GitHub Private Vulnerability Reporting** (Recommended): Use [GitHub's private vulnerability reporting feature](https://github.com/EstrellaXD/Auto_Bangumi/security/advisories/new) to submit your report securely.
+
+2. **Email**: Contact the maintainer directly at the email associated with the GitHub account [@EstrellaXD](https://github.com/EstrellaXD).
+
+**Please do NOT:**
+- Open a public GitHub issue for security vulnerabilities
+- Disclose the vulnerability publicly before it has been addressed
+
+**What to include in your report:**
+- Description of the vulnerability
+- Steps to reproduce the issue
+- Potential impact
+- Any suggested fixes (optional)
+
+We will acknowledge receipt of your report within 48 hours and work to address the issue promptly.
+
+---
+
+### 中文
+
+如果您在 AutoBangumi 中发现安全漏洞，请通过以下方式负责任地报告：
+
+1. **GitHub 私密漏洞报告**（推荐）：使用 [GitHub 的私密漏洞报告功能](https://github.com/EstrellaXD/Auto_Bangumi/security/advisories/new) 安全地提交您的报告。
+
+2. **邮件**：直接联系维护者，使用 GitHub 账户 [@EstrellaXD](https://github.com/EstrellaXD) 关联的邮箱。
+
+**请勿：**
+- 在公开的 GitHub Issue 中报告安全漏洞
+- 在漏洞被修复之前公开披露
+
+**报告中请包含：**
+- 漏洞描述
+- 复现步骤
+- 潜在影响
+- 修复建议（可选）
+
+我们将在 48 小时内确认收到您的报告，并尽快处理该问题。