So I wanted to add a GitHub security policy, since presumably people will
start checking those for information regarding sec vuln disclosures (the PR
is here: https://github.com/apache/trafficcontrol/pull/3757). One of the
things they wanted to know, though, was what releases are receiving
security updates. Which is something that isn't described anywhere afaik.
So what I put in there for now was 2.2.x and 3.0.x But with 3.1.0 coming
soon, will we be dropping support for one or both of those? What's the
'official' policy on that?
