create security, faq report

Signed-off-by: Avelino <31996+avelino@users.noreply.github.com>

SECURITY.md

@@ -0,0 +1,28 @@
+# Security Policy
+
+## Scope
+
+This policy covers the **awesome-go repository itself** — including the curated list, the static site generator, CI/CD workflows, and any associated tooling.
+
+If you find an issue with a **listed project** (a Go library or tool linked from the list), please report it directly to that project's maintainers, not here.
+
+## Supported Versions
+
+This is a community-maintained open source project provided as-is. There are no formal support commitments or versioned releases. The maintainers will do their best to address reports promptly and responsibly.
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in this repository, please [open an issue](https://github.com/avelino/awesome-go/issues/new).
+
+When reporting, please include:
+
+- A clear description of the vulnerability
+- Steps to reproduce (if applicable)
+- The potential impact
+- A suggested fix (if you have one)
+
+The maintainers will review and respond as quickly as possible.
+
+## Past Incidents
+
+We believe in transparency. Security issues that have been identified and fixed are tracked in the public issue history of this repository.