Add SECURITY.md and TURN server security checklist

[Axingx]

Background

WebRTC self-hosting involves security-sensitive configuration, especially around TURN credentials, exposed UDP/TCP ports, TLS certificates, and reverse proxy settings.

Goal

Add a SECURITY.md file and a practical security checklist for production-like deployments.

Tasks

• Document secure coturn credential configuration
• Warn against using default or weak passwords
• Document recommended firewall rules
• Document TLS certificate requirements
• Add notes about limiting public exposure of services
• Add a responsible disclosure contact or process

Acceptance Criteria

The repository contains clear security guidance for developers who deploy the WebRTC server stack on public servers.