Add Codex repository baseline

SECURITY.md

@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+| --- | --- |
+| Latest | Yes |
+
+## Reporting A Vulnerability
+
+Report security issues privately to the project owner.
+
+Do not include secrets, production data, or private credentials in public issues.
+
+## Project Security Principles
+
+- Keep secrets out of the repository.
+- Prefer local processing for user data.
+- Document external network calls.
+- Keep release artifacts reproducible through CI once CI exists.
+- Run dependency audits before releases once dependencies exist.