SECURITY.md: Exclude DoS from scope (mitmproxy#8171)

Author: mhils

SECURITY.md

@@ -8,6 +8,14 @@
 | most recent release | :white_check_mark: |
 | older releases      | :x:                |
 
+## Scope
+
+ - **Denial of Service (DoS):** We consider DoS vectors to be ordinary bugs and not security vulnerabilities.
+   You may post them openly on the issue tracker. We will not issue any advisories or CVEs for them.
+   The reasoning here is that mitmproxy is an interactive inspection tool, not a web server for high volume traffic.
+   It can typically be overwhelmed by sending too many requests; any DoS is just a variation of this.
+ - **All other vulnerabilities:** Please report them using the process below.
+
 ## Reporting a Vulnerability
 
 We ask that you do not report security issues to our normal GitHub issue tracker.