docs: add SECURITY.md (#9062)

* docs: add SECURITY.md

This moves existing security policy from README to SECURITY.md
which has a special meaning on Github:
https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository

* style: editoral fix

Co-authored-by: Steve Loeppky <biglep@protocol.ai>

README.md

@@ -48,9 +48,9 @@ Before opening an issue, consider using one of the following locations to ensure
     - [Guix](#guix)
     - [Snap](#snap)
     - [macOS package managers](#macos-package-managers)
-    - [MacPorts](#MacPorts)
+    - [MacPorts](#macports)
     - [Nix](#nix-macos)
-    - [Homebrew](#Homebrew)
+    - [Homebrew](#homebrew)
   - [Windows package managers](#windows-package-managers)
     - [Chocolatey](#chocolatey)
     - [Scoop](#scoop)
@@ -62,9 +62,11 @@ Before opening an issue, consider using one of the following locations to ensure
       - [OpenSSL](#openssl)
     - [Troubleshooting](#troubleshooting)
   - [Updating go-ipfs](#updating-go-ipfs)
+    - [Using ipfs-update](#using-ipfs-update)
+    - [Downloading IPFS builds using IPFS](#downloading-ipfs-builds-using-ipfs)
 - [Getting Started](#getting-started)
-  - [Some things to try](#some-things-to-try)
   - [Usage](#usage)
+  - [Some things to try](#some-things-to-try)
   - [Troubleshooting](#troubleshooting-1)
 - [Packages](#packages)
 - [Development](#development)
@@ -78,11 +80,7 @@ Before opening an issue, consider using one of the following locations to ensure
 
 ## Security Issues
 
-The IPFS protocol and its implementations are still in heavy development. This means that there may be problems in our protocols, or there may be mistakes in our implementations. And -- though IPFS is not production-ready yet -- many people are already running nodes in their machines. So we take security vulnerabilities very seriously. If you discover a security issue, please bring it to our attention right away!
-
-If you find a vulnerability that may affect live deployments -- for example, by exposing a remote execution exploit -- please send your report privately to security@ipfs.io. Please DO NOT file a public issue.
-
-If the issue is a protocol weakness that cannot be immediately exploited or something not yet deployed, just discuss it openly.
+Please follow [`SECURITY.md`](SECURITY.md).
 
 ## Install
 
@@ -168,7 +166,9 @@ $ sudo snap install ipfs
 
 The snap sets `IPFS_PATH` to `SNAP_USER_COMMON`, which is usually `~/snap/ipfs/common`. If you want to use `~/.ipfs` instead, you can bind-mount it to `~/snap/ipfs/common` like this:
 
-```sudo mount --bind ~/.ipfs ~/snap/ipfs/common```
+```
+$ sudo mount --bind ~/.ipfs ~/snap/ipfs/common
+```
 
 If you want something more sophisticated to escape the snap confinement, we recommend using a different method to install `go-ipfs` so that it is not subject to snap confinement.
 

SECURITY.md

@@ -0,0 +1,20 @@
+# Security Policy
+
+The IPFS protocol and its implementations are still in heavy development. This
+means that there may be problems in our protocols, or there may be mistakes in
+our implementations. We take security
+vulnerabilities very seriously. If you discover a security issue, please bring
+it to our attention right away!
+
+## Reporting a Vulnerability
+
+If you find a vulnerability that may affect live deployments -- for example, by
+exposing a remote execution exploit -- please **send your report privately** to
+security@ipfs.io. Please **DO NOT file a public issue**.
+
+If the issue is a protocol weakness that cannot be immediately exploited or
+something not yet deployed, just discuss it openly.
+
+## Reporting a non security bug
+
+For non-security bugs, please simply file a GitHub [issue](https://github.com/ipfs/go-ipfs/issues/new/choose).