Description
Please consider adding a separate SECURITY or SECURITY.md file to your distribution.
I see that you have a one-line mention of this in the Mojolicious::Guides::Contributing document, which is good. But it's not obvious for someone who finds a vulnerability to look there.
CPANSec has a guide on writing a security policy with a sample template https://security.metacpan.org/docs/guides/security-policy-for-authors.html and there is also a module https://metacpan.org/pod/Software::Security::Policy for generating one.
If that seems a bit too long, a simple small file with a contact and a note about what versions will be supported would do. Or see https://metacpan.org/release/BRIANDFOY/Business-ISBN-3.012/source/SECURITY.md or https://github.com/elementary/.github/blob/master/SECURITY.md for examples of very small security policies.
On a related note, GitHub supports enabling security vulnerability reporting in the repo, which creates private tickets. You may want to use that as an alternative to a single email.