
docs: Update SECURITY.md to match ecosystem changes and standards#10840

Open
mpguerra wants to merge 2 commits into main from pili-update-security

Conversation

@mpguerra

Contributor

Motivation

Updating our actual security process and making it compatible with other ecosystem processes

Solution

Remove references to ECC, add Signal handles, describe process for non-critical disclosures.

Tests

N/A

Specifications & References

https://github.com/zcash/.github/blob/main/SECURITY.md

Follow-up Work

Update z.cash website

AI Disclosure

  • No AI tools were used in this PR
  • AI tools were used: Claude used to help me draft content

PR Checklist

  • The PR title follows conventional commits format: type(scope): description
  • The PR follows the contribution guidelines.
  • This change was discussed in an issue or with the team beforehand.
  • The solution is tested.
  • [ ] The documentation and changelogs are up to date.

Copilot AI review requested due to automatic review settings June 26, 2026 15:54
@mpguerra mpguerra changed the title fix(docs)!: Update SECURITY.md to match ecosystem changes and standards docs: Update SECURITY.md to match ecosystem changes and standards Jun 26, 2026

Copilot AI left a comment


Pull request overview

This PR updates SECURITY.md to modernize the Zcash Foundation's vulnerability disclosure process for Zebra and align it with the broader Zcash ecosystem process (zcash/.github/SECURITY.md). It removes the now-defunct Electric Coin Company reference, introduces a Signal-based channel for critical reports, points non-critical reports to GitHub's private advisory feature, and demotes email/PGP to a fallback channel.

Changes:

  • Replaces the single "submit to security@zfnd.org" path with a tiered process: Signal for critical issues, GitHub "Report a Vulnerability" for everything else, and email/PGP as a fallback.
  • Updates the bilateral-disclosure contact from "The Electric Coin Company" to the "Zcash Open Development Lab (ZODL)" with a link to the ecosystem SECURITY.md.
  • Fixes a subject/verb grammar issue ("has" → "have") in the "Sending Disclosures" section.

Process note: per the repository's contribution guidelines, the PR description leaves the "discussed in an issue or with the team" checkbox unchecked, and the conventional-commit title marks this docs change as breaking (fix(docs)!), which is unusual for a documentation-only update.
