Add a security.txt file

https://securitytxt.org/

SECURITY.md

@@ -2,4 +2,6 @@
 
 We take the security of Wagtail, and related packages we maintain, seriously. If you have found a security issue with any of our projects please email us at security@wagtail.org so we can work together to find and patch the issue. We appreciate responsible disclosure with any security related issues, so please contact us first before creating a Github issue.
 
-If you want to send an encrypted email (optional), the public key ID for security@wagtail.org is 0xbed227b4daf93ff9, and this public key is available from most commonly-used keyservers.
+If you want to send an encrypted email (optional), the public key ID for security@wagtail.org is [0xbed227b4daf93ff9](https://keyserver.ubuntu.com/pks/lookup?search=0xbed227b4daf93ff9&fingerprint=on&op=index), and this public key is available from most commonly-used keyservers.
+
+This information can also be found in our security.txt: https://docs.wagtail.org/.well-known/security.txt

docs/conf.py

@@ -170,7 +170,7 @@ html_static_path = ["_static"]
 # Add any extra paths that contain custom files (such as robots.txt or
 # .htaccess) here, relative to this directory. These files are copied
 # directly to the root of the documentation.
-html_extra_path = ["robots.txt"]
+html_extra_path = ["public"]
 
 # If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
 # using the given strftime format.

docs/public/.well-known/security.txt

@@ -0,0 +1,6 @@
+Contact: mailto:security@wagtail.org
+Preferred-Languages: en
+Canonical: https://docs.wagtail.org/.well-known/security.txt
+Encryption: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x220b7102b615b692e37d886dbed227b4daf93ff9
+Expires: 2024-01-27T19:43:00.000Z
+Policy: https://github.com/wagtail/wagtail/security/policy