docs: add policy about AI-generated security reports

We receive a large number of AI-generated security reports and don't have the resources to review them all. This policy clarifies that such submissions will result in an automatic ban to protect our maintainers' time.

SECURITY.md

@@ -1,5 +1,11 @@
 # Security
 
+## IMPORTANT
+
+We do not accept AI generated security reports. We receive a large number of
+these and we absolutely do not have the resources to review them all. If you
+submit one that will be an automatic ban from the project.
+
 ## Threat Model
 
 ### Overview