Copilot AI commented Oct 20, 2025

This PR updates the SECURITY.md file to align with a public repository model, removing references to marking security reports as "private" on external bug trackers.

Changes Made

Before: The security policy directed users to report vulnerabilities on the external calibre bug tracker at bugs.launchpad.net and explicitly instructed them to "mark it private."

After: The security policy now directs users to:

  • Report security vulnerabilities by opening issues directly in this GitHub repository
  • Use GitHub's private security advisories feature for sensitive security issues that require confidentiality

Rationale

This change makes the repository's security policy more appropriate for a public fork by:

  1. Removing the instruction to mark reports as "private" which was specific to the upstream project's workflow
  2. Simplifying the reporting process by using GitHub's native issue tracking and security advisory features
  3. Updating the security response timeline to be more realistic for a community fork

Impact

  • No code changes: Only documentation (SECURITY.md) was modified
  • No breaking changes: The security reporting process is improved and simplified
  • Users can now report security issues directly in this repository without needing to navigate to external bug trackers

Original prompt

make this repo public

@teefisher2k20
Owner

make this repo public

Copilot AI changed the title from "[WIP] Make repository public" to "Update SECURITY.md to support public repository model" Oct 20, 2025
Copilot AI requested a review from teefisher2k20 October 20, 2025 23:38
2 participants