Add vulnerability reporting info

https://discourse.jupyter.org/t/responsible-vulnerability-reporting/655

docs/contributing/issues.md

@@ -0,0 +1,25 @@
+# Project Issues
+
+We appreciate your taking the time to report an issue you encountered using the
+Jupyter Docker Stacks. Please review the following guidelines when reporting
+your problem.
+
+* If you believe you’ve found a security vulnerability in any of the Jupyter
+  projects included in Jupyter Docker Stacks images, please report it to
+  [security@ipython.org](mailto:security@iypthon.org), not in the issue trackers
+  on GitHub. If you prefer to encrypt your security reports, you can use [this
+  PGP public
+  key](https://jupyter-notebook.readthedocs.io/en/stable/_downloads/ipython_security.asc).
+* If you think your problem is unique to the Jupyter Docker Stacks images,
+  please search the [jupyter/docker-stacks issue
+  tracker](https://github.com/jupyter/docker-stacks/issues) to see if someone
+  else has already reported the same problem. If not, please open a [new
+  issue](https://github.com/jupyter/docker-stacks/issues/new) and provide all of
+  the information requested in the issue template.
+* If the issue you're seeing is with one of the open source libraries included
+  in the Docker images and is reproducible outside the images, please file a bug
+  with the appropriate open source project.
+* If you have a general question about how to use the Jupyter Docker Stacks in
+  your environment, in conjunction with other tools, with customizations, and so
+  on, please post your question on the [Jupyter Discourse
+  site](https://discourse.jupyter.org).