I can see other Docling projects don't have a SECURITY.md file. I wonder if we need one to specify how security vulnerabilities should be disclosed responsibly. @dolfim-ibm is there a common guideline in Docling for this?

Adding a SECURITY.md file would help us adhere to the OpenSSF Best Practices as mentioned in #2 (comment)