docs: strengthen public security signals

.github/ISSUE_TEMPLATE/bug_report.md

@@ -10,6 +10,8 @@ assignees: ''
 
 A clear and concise description of what the bug is. We suggest using English for better global understanding.
 
+If you believe the issue may allow unsafe deletion, path validation bypass, privilege boundary bypass, or release/install integrity issues, do not file a public bug report. Report it privately using the contact details in `SECURITY.md`.
+
 ## Steps to reproduce
 
 1. Run command: `mo ...`

.github/ISSUE_TEMPLATE/config.yml

@@ -1,5 +1,8 @@
 blank_issues_enabled: false
 contact_links:
+  - name: Private Security Report
+    url: mailto:hitw93@gmail.com?subject=Mole%20security%20report
+    about: Report a suspected vulnerability privately instead of opening a public issue
   - name: Telegram Community
     url: https://t.me/+GclQS9ZnxyI2ODQ1
     about: Join our Telegram group for questions and discussions