docs: add security policy and clarify support/network boundaries

[Copilot]

This updates the user-facing docs so first-time users can quickly understand how to report security issues, which platforms are supported, and what network activity to expect from update checks. It separates the security reporting policy from the README while making the support boundary easier to scan.

• Security policy

  • add SECURITY.md as the primary source for vulnerability reporting
  • document private disclosure via harumiweb.security@gmail.com
  • state best-effort response expectations
  • define supported-version policy in terms of the latest and very recent releases

• Platform / support scope

  • add a concise Support Policy section to README.md and README.en.md
  • explicitly list Windows / macOS / Linux as supported OSes
  • clarify that audio playback is supported on macOS / Windows
  • clarify that Linux remains usable for learning without audio
  • note that support scope may change over time

• Network / update checks

  • add a clearer Network / 更新チェック / Network / Update Checks summary in both READMEs
  • state that normal study flows are local-first and offline-capable
  • clarify that update checks are optional and non-blocking
  • briefly describe the network payload as lightweight latest-release metadata
  • call out offline / timeout behavior and the existing disable switch

Example of the added policy surface:

## Support Policy

- supported operating systems are Windows, macOS, and Linux
- audio playback currently targets macOS and Windows
- on Linux, the core learning features remain available without audio playback

## Network / Update Checks

- update checks are optional helper behavior
- the request is only used to fetch lightweight release metadata such as the latest version and release URL
- timeouts and offline failures are skipped silently so they do not interrupt study sessions

---

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

_{TIP This summary will be updated as you push new changes. Give us feedback}

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no bugs or issues to report.