Add SECURITY.md policy file

- Document supported versions (6.0.0+)

- Add vulnerability reporting process

- Specify security update policy for minor versions

Author: polRk

SECURITY.md

@@ -0,0 +1,35 @@
+# Security Policy
+
+## Supported Versions
+
+We officially support version **6.0.0 and above** of the YDB JavaScript SDK packages.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 6.x.x   | :white_check_mark: |
+| < 6.0.0 | :x:                |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please do **NOT** open a public issue. Instead, please report it privately:
+
+**Email:** security@ydb.tech
+
+**Subject:** Security Vulnerability Report - YDB JS SDK
+
+Please include:
+
+- A description of the vulnerability
+- Steps to reproduce the issue
+- Potential impact
+- Suggested fix (if any)
+
+## Security Updates
+
+- Security patches are applied to the latest minor version of the current major version
+- Users are encouraged to upgrade to the latest version to receive security updates
+- Versions below 6.0.0 do not receive security updates
+
+## Node.js Version Requirements
+
+This SDK requires Node.js version **20.19.0 or higher**. Please ensure you're using a supported Node.js version to receive security updates from the Node.js project.