docs: expand SECURITY.md with disclosure policy and audit references#1031

Open
IAM-CW wants to merge 1 commit into Uniswap:main from IAM-CW:docs/expand-security-policy

@IAM-CW IAM-CW commented Mar 23, 2026

Related Issue

There are no existing issues. The current SECURITY.md was created in response to an OpenZeppelin audit recommendation (PR #774), but it contains only a bug bounty link and an email address. For a protocol with billions in TVL and a $15.5M bug bounty, this file should provide comprehensive security guidance.

Description of changes

This now expands SECURITY.md from a minimal placeholder into a complete security policy.

Added:

  • Vulnerability reporting instructions with what to include
  • Response timeline table (24hr acknowledgment through 90-day disclosure)
  • Bug bounty program summary referencing the $15.5M program
  • Audit table linking to the OpenZeppelin report
  • Supported versions table covering v1 through v4
  • Additional resources section

Preserved:

All content is sourced from publicly available information on uniswap.org and the OpenZeppelin audit report.

@IAM-CW IAM-CW requested a review from a team as a code owner March 23, 2026 11:13