openSUSE/docbuild

AI Summary: This issue proposes adding a `SECURITY.md` file to the repository, driven by the recent implementation of CodeQL scanning. The primary goal is to establish a security policy that provides a private channel for researchers to report vulnerabilities, preventing them from being disclosed publicly via standard issues.

AI Summary: Implement a missing validation check in the SUSE documentation build process (docbuild) to ensure that references within XML configuration files (e.g., sbp.xml) are valid and point to existing products. This involves modifying the `create_stitchfile` function in `src/docbuild/config/xml/stitch.py` to utilize the `global-check-ref-list.xsl` stylesheet for validation and ensuring that the build process fails when invalid references are detected.