Security md update (#32370)

* updating SECURITY.md to indicate supported versions

* updating vulnerability reporting guidelines

* chore: format

Co-authored-by: gatsbybot <mathews.kyle+gatsbybot@gmail.com>

SECURITY.md

@@ -13,4 +13,8 @@ The following versions are currently being supported with security updates.
 
 ## Reporting a Vulnerability
 
-Please email security@gatsbyjs.com
+If you believe you have found a security issue with any of Gatsby's open source or commercial offerings, we would love to receive your report! Security findings can be emailed to security@gatsbyjs.com.
+
+When reporting a security issue, describe the issue in detail and include steps to reproduce. The more detail provided, the more likely we will be able to reproduce the issue and determine a course of action.
+
+Please do not report findings from `npm audit`. We are aware of package dependency issues that are reported by this tool and do review these reports. In many cases the issues reported by `npm audit` are misleading and do not present a tangible/exploitable security risk for Gatsby users.