Reporting security vulnerabilities

If you find a security vulnerability in our code, do not make an issue for it. Instead, go to the Security tab and report it there so it's not visible to the public.

TTLLVBTA (Things that look like vulnerabilities but aren't)

• .env files - These are for firebase, and we have controls so that the production database can't be accessed when not on our vercel hosting
• .yml or .yaml files - These are actions for GitHub.