Add security email for sensitive reports

.github/CONTRIBUTING.md

@@ -21,6 +21,11 @@ If your issue involves installing, updating or resolving dependencies, the
 chance of us being able to reproduce your issue will be much higher if you
 share your `composer.json` with us.
 
+Security Reports
+----------------
+
+Please send any sensitive issue to [security@packagist.org](mailto:security@packagist.org). Thanks!
+
 Installation from Source
 ------------------------
 

README.md

@@ -47,6 +47,11 @@ Authors
 
 See also the list of [contributors](https://github.com/composer/composer/contributors) who participated in this project.
 
+Security Reports
+----------------
+
+Please send any sensitive issue to [security@packagist.org](mailto:security@packagist.org). Thanks!
+
 License
 -------