Changing security.txt to use github security advisories page.

[dessalines]

• Fixes security.txt expires date #2332

[Nutomic]

Should we just auto-generate a date which is maybe one year in the future from the build time?

[Nothing4You]

I don't think this should just link to the github page.
Having the github page in there for the project itself is probably a good idea, but there should also be a (probably optional) instance security contact as well.
Especially for cases when instances are running an older version with known security issues fixed in the latest version, there isn't any point in raising this on github, but instead this should provide a contact to the instance owner directly.
Additionally, some things can be configuration related, such as bad caching configuration or other services on the same domain, like pict-rs, which wouldn't be for the lemmy project itself.

[dessalines]

Having the github page in there for the project itself is probably a good idea, but there should also be a (probably optional) instance security contact as well.

@Nothing4You That's another good argument for removing this entirely, and just letting instance runners serve their own security.txt .

@Nutomic Okay I've added a build date to the dockerfile.

[Nothing4You]

Maybe it could be integrated in lemmy-ansible instead?

[dessalines]

I'd rather not add complication and extra configuring there.

[urda]

A unit test should be included that FAILS when we pass the expire date again.

[dessalines]

This is ready to go IMO. @SleeplessOne1917 take a look.