feature: Document policies and processes

[pawamoy]

Taken from the Tidelift survey:

• Formal processes or standards to verify all contributors
• Provide fixes and recommendations for vulnerabilities
• Static code analysis
• Disclosure plan on how you should be contacted about security issues
• Dynamic code analysis
• Third-party security audits
• Two-factor authentication for source code hosting and package managers
• Secure build tooling
• Signed releases and published artifact provenance
• Secrets management

Also:

• Formal policy about backwards compatibility
• Formal processes or standards to prioritize the order in which pull requests and issues are addressed
• Reproducible and verifiable build processes
• Defined dependency management process
• Code peer review process with multiple reviewers
• Formal processes or standards to verify all new contributors

Also:

• Clearly defined process for conflict resolution
• Published code of conduct
• Documented release notes and upgrade considerations
• Published contributor guide
• Continuance or succession plan in case you or other maintainers leave the project
• Clearly documented open source license

Boost priority

• Boost priority in our backlog through Polar.sh. Higher pledge, higher priority.
• Minimum pledge by user/organization is $5, minimum amount for boost is $30.
• View all issues with pledges.
• We receive the funds once the issue is completed and confirmed by you.
• Features with the insiders label are released to sponsors first, and tied to a funding goal.