Document a metaproject security policy

Considering the year of heartbleed, shell shock, and POODLE exploits, as well as internal vulnerabilities and high profile attention catchers, a security page might help folks in tricky situations determine if their Tor component is secure. Right now security advisories are published on the blog and there's no formal maintenance window.

As with #13966 (moved) (exploit reporting), it might be useful to study FreeBSD security information and pick out the parts we'd like to apply.

Trac:
Username: michael