docs: add security policy #1881

Merged: WilliamBergamin merged 1 commit into main from security-policy on May 29, 2026

Conversation

Contributor

@WilliamBergamin WilliamBergamin commented May 28, 2026

Summary

  • Adds a SECURITY.md to .github/ with vulnerability reporting instructions, threat model, and disclosure policy
  • Directs reporters to the Slack HackerOne bug bounty program
  • Defines in-scope vulnerabilities (signature bypass, token leakage, DoS, auth bypass) and out-of-scope issues

closes: #1879

Category

  • slack_sdk.web.WebClient (sync/async) (Web API client)
  • slack_sdk.webhook.WebhookClient (sync/async) (Incoming Webhook, response_url sender)
  • slack_sdk.socket_mode (Socket Mode client)
  • slack_sdk.signature (Request Signature Verifier)
  • slack_sdk.oauth (OAuth Flow Utilities)
  • slack_sdk.models (UI component builders)
  • slack_sdk.scim (SCIM API client)
  • slack_sdk.audit_logs (Audit Logs API client)
  • slack_sdk.rtm_v2 (RTM client)
  • /docs (Documents)
  • /tutorial (PythOnBoardingBot tutorial)
  • tests/integration_tests (Automated tests for this library)

Requirements

  • I've read and understood the Contributing Guidelines and have done my best effort to follow them.
  • I've read and agree to the Code of Conduct.
  • I've run python3 -m venv .venv && source .venv/bin/activate && ./scripts/run_validation.sh after making the changes.

@WilliamBergamin WilliamBergamin self-assigned this May 28, 2026
@WilliamBergamin WilliamBergamin requested a review from a team as a code owner May 28, 2026 18:36
@WilliamBergamin WilliamBergamin added docs M-T: Documentation work only security labels May 28, 2026

codecov Bot commented May 28, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.13%. Comparing base (ff33cef) to head (1711571).
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1881   +/-   ##
=======================================
  Coverage   84.13%   84.13%           
=======================================
  Files         117      117           
  Lines       13337    13337           
=======================================
  Hits        11221    11221           
  Misses       2116     2116           


Member

@zimeg zimeg left a comment

@WilliamBergamin Thanks so much for formalizing these pages 🔏

@WilliamBergamin WilliamBergamin merged commit 078ba76 into main May 29, 2026
18 checks passed
@WilliamBergamin WilliamBergamin deleted the security-policy branch May 29, 2026 14:03

Labels

docs M-T: Documentation work only security

Development

Successfully merging this pull request may close these issues.

chore: add a SECURITY.md file
