
feat: security policy & dependabot (#60)

* feat: add dependabot yml and security policy
Moritz Johner 5 years ago
parent
commit
25b3f4dd83
2 changed files with 38 additions and 0 deletions
  1. 22 0
      SECURITY.md
  2. 16 0
      dependabot.yml

+ 22 - 0
SECURITY.md

@@ -0,0 +1,22 @@
+# Security Policy
+
+- [Security Policy](#security-policy)
+  - [Reporting security problems](#reporting-security-problems)
+  - [Vulnerability Management Plans](#vulnerability-management-plans)
+    - [Critical Updates And Security Notices](#critical-updates-and-security-notices)
+
+<a name="reporting"></a>
+## Reporting security problems
+
+**DO NOT CREATE AN ISSUE** to report a security problem. Instead, please
+send an email to contact@external-secrets.io
+
+<a name="vulnerability-management"></a>
+## Vulnerability Management Plans
+
+### Critical Updates And Security Notices
+
+We learn about critical software updates and security threats from these sources
+
+1. GitHub Security Alerts
+2. [Dependabot](https://dependabot.com/) Dependency Updates
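Review bot: The explicit anchors `<a name="reporting"></a>` and `<a name="vulnerability-management"></a>` are never referenced: the table of contents links to `#reporting-security-problems` and `#vulnerability-management-plans`, which are the anchors GitHub generates from the headings, so the hand-written ones are dead. Either drop them or point the TOC entries at them, so the two do not drift apart later. The reporting section also omits what a reporter should expect: an acknowledgement window, whether PGP-encrypted reports are accepted, and how disclosure is coordinated; without that, people tend to fall back to filing a public issue, which is exactly what the bold "DO NOT CREATE AN ISSUE" line tries to prevent. Minor: the sentence ending in `contact@external-secrets.io` is missing its full stop, and "We learn about critical software updates and security threats from these sources" needs a colon before the list.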

+ 16 - 0
dependabot.yml

@@ -0,0 +1,16 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
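Review bot: The file header shows this being added as `dependabot.yml`; Dependabot only reads `.github/dependabot.yml`, so if the file really lives at the repository root none of these three update entries will run, and the "Dependabot Dependency Updates" source listed in SECURITY.md would be silently inactive. Please confirm the path (or move the file under `.github/`). Two smaller points: the `docker` entry with `directory: "/"` only covers a `Dockerfile` at the root, so any Dockerfiles in subdirectories would need their own entries; and with `daily` schedules and no `open-pull-requests-limit`, the `gomod` ecosystem in particular can open a large number of PRs at once, so consider setting a limit (the default is 5) or a `weekly` interval to keep the queue reviewable.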