docs(security): add bulk reporting policy with block warning

Uncoordinated bulk vulnerability submissions have caused significant
disruption. Added a prominent notice requiring prior coordination for
bulk reports, with clear consequences: closure without review and
potential blocking of repeated offenders.

.github/SECURITY.md

@@ -1,5 +1,13 @@
 # Security Policy
 
+> [!IMPORTANT]
+> **Bulk Reporting Policy:** If you need to submit multiple vulnerability reports in bulk, **you must contact us first** (support@quantumnous.com) to coordinate the submission process. Uncoordinated bulk submissions have caused significant disruption to our team, and we will take the following actions:
+>
+> 1. **All uncoordinated bulk reports will be closed without review.**
+> 2. **Repeated offenders may be blocked** from further submissions.
+>
+> We welcome thorough security research, but please reach out before submitting multiple reports.
+
 ## Supported Versions
 
 We provide security updates for the following versions: