chore: add SECURITY.md, CODEOWNERS, and .editorconfig #6

Merged: hyunhee-jo merged 2 commits into main from chore/governance-docs on Apr 13, 2026
hyunhee-jo (Collaborator) commented Apr 13, 2026

Objective

The repository lacks basic governance files that reviewers and contributors
expect: no channel for reporting security issues, no automatic PR reviewer
assignment, and no shared editor configuration. This creates friction for
anyone discovering the project via PyPI or the upstream LlamaIndex docs PR.

Approach

Add three minimal governance files, aligned with the upstream
opendataloader-pdf repository:

  • .github/SECURITY.md — private email channel
    (open.dataloader@hancom.com)
    for vulnerability reports, with a 3 working day response SLA.
  • .github/CODEOWNERS — auto-assigns reviewers: @suji-cho for docs,
    @hyunhee-jo @bundolee @hnc-jglee for code.
  • .editorconfig — shared indent (4 spaces), UTF-8, LF line endings,
    trailing whitespace handling consistent across editors.

Heavier governance docs (CONTRIBUTING, CODE_OF_CONDUCT, SUPPORT) are
intentionally omitted because this is a small integration package, not
a main engine project. Comparable external integrations
(langchain-opendataloader-pdf, argilla-llama-index, toolbox-llamaindex)
also skip them.

Evidence

Documentation and configuration files only — no runtime behavior change.

| Scenario | Expected | Actual |
| --- | --- | --- |
| New security report | Reporter finds SECURITY.md via GitHub's "Security" tab and private email | SECURITY.md placed under .github/ (GitHub-recognized path) |
| New PR opened | GitHub auto-requests review from owners per file patterns | CODEOWNERS covers *.md and * |
| Contributor opens repo in editor | Editor applies shared indent/charset/EOL settings | .editorconfig at root (auto-discovered by editors) |

Summary by CodeRabbit

  • Documentation

    • Added a confidential security vulnerability policy with private reporting guidance, maintainer response timelines, and disclosure/remediation procedures.
  • Chores

    • Introduced editor formatting standards (UTF‑8, 4‑space indentation, LF line endings, final newline, trailing-whitespace rules with markdown exempted) and established repository code ownership assignments.

Objective: The repository lacks basic governance files for security
reporting, automatic PR reviewer assignment, and editor consistency.

Approach: Add three minimal governance files:
- SECURITY.md under .github/ — private email channel for vulnerability
  reports, aligned with the upstream opendataloader-pdf policy.
- CODEOWNERS under .github/ — auto-assigns reviewers: @suji-cho for
  docs, and @hyunhee-jo @bundolee @hnc-jglee for code.
- .editorconfig at root — consistent indent (4 spaces), UTF-8, LF line
  endings, trailing whitespace handling.

Heavier governance docs (CONTRIBUTING, CODE_OF_CONDUCT, SUPPORT) are
intentionally omitted because this is a small integration package, not
a main engine project; comparable packages (langchain-opendataloader-pdf,
argilla-llama-index, toolbox-llamaindex) also skip them.

Evidence: N/A — documentation and configuration files only, no behavior
change.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

coderabbitai Bot commented Apr 13, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 632f6b8b-cfeb-4614-b52b-e407c06d0e9d

📥 Commits

Reviewing files that changed from the base of the PR and between d82b2e3 and 1a8ed66.

📒 Files selected for processing (1)
  • .github/CODEOWNERS

Walkthrough

Adds three repository files: .editorconfig (editor/formatting rules), .github/CODEOWNERS (ownership assignments), and .github/SECURITY.md (security vulnerability reporting and handling policy).

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Editor Configuration: .editorconfig | Creates root EditorConfig: UTF-8, 4-space indent, LF line endings, insert final newline, trim trailing whitespace; disables trimming for *.md. |
| Repository Metadata: .github/CODEOWNERS, .github/SECURITY.md | Adds CODEOWNERS assigning defaults and Markdown ownership; adds SECURITY.md describing confidential reporting via open.dataloader@hancom.com, 3-working-day acknowledgement, internal handling and announcement process. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the main changes: adding three governance/configuration files (SECURITY.md, CODEOWNERS, and .editorconfig) to the repository. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

✏️ Tip: You can configure your own custom pre-merge checks in the settings.



@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/CODEOWNERS:
- Around line 2-5: The CODEOWNERS file currently lists the generic "*" pattern
after the "*.md" pattern causing last-match-wins to assign Markdown files to the
default owners; reorder the lines so that the "*" pattern appears first and the
"*.md `@suji-cho`" line comes after it (i.e., move the "*.md `@suji-cho`" entry
below the "* `@hyunhee-jo` `@bundolee` `@hnc-jglee`" entry) so "*.md" matches last and
assigns ownership to `@suji-cho`.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: ae558894-121e-465c-aadd-6b71e0f14ee8

📥 Commits

Reviewing files that changed from the base of the PR and between 2687979 and d82b2e3.

📒 Files selected for processing (3)
  • .editorconfig
  • .github/CODEOWNERS
  • .github/SECURITY.md

Comment thread .github/CODEOWNERS Outdated
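
Added example, not part of the PR or of the review: a small checker that applies the last-match-wins rule from the CODEOWNERS comment above and reports patterns that can never decide ownership. The two rule sets are constructed from the review comment's description, the probe paths are hypothetical, and matching is simplified to slash-free patterns tested against the file name.

```python
from fnmatch import fnmatchcase
from posixpath import basename

# Constructed from the review comment: the flagged ordering and the suggested fix.
FLAGGED = "*.md @suji-cho\n* @hyunhee-jo @bundolee @hnc-jglee\n"
FIXED = "* @hyunhee-jo @bundolee @hnc-jglee\n*.md @suji-cho\n"
# Hypothetical repository paths used only to probe the rules.
PROBES = ["README.md", "docs/usage.md", "pyproject.toml", "src/reader.py"]


def parse_codeowners(text):
    """Return [(pattern, owners)] in file order, skipping blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            pattern, *owners = line.split()
            rules.append((pattern, owners))
    return rules


def matches(pattern, path):
    # Simplification: a slash-free pattern is tested against the file name only.
    return fnmatchcase(basename(path), pattern)


def winning_rule(rules, path):
    """Index of the last rule that matches path, or None."""
    winner = None
    for idx, (pattern, _) in enumerate(rules):
        if matches(pattern, path):
            winner = idx
    return winner


def owners_for(rules, path):
    idx = winning_rule(rules, path)
    return rules[idx][1] if idx is not None else []


def shadowed_rules(rules, paths):
    """Patterns that match some path but never decide its owners."""
    shadowed = []
    for idx, (pattern, _) in enumerate(rules):
        hits = [p for p in paths if matches(pattern, p)]
        if hits and all(winning_rule(rules, p) != idx for p in hits):
            shadowed.append(pattern)
    return shadowed
```

Running `shadowed_rules` over the tracked file list in CI catches an ownership rule that silently stops routing reviews after a reorder.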
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@hyunhee-jo hyunhee-jo merged commit 0c3fbb0 into main Apr 13, 2026
7 checks passed
@hyunhee-jo hyunhee-jo deleted the chore/governance-docs branch April 13, 2026 07:22