Title:
Document contribution and security expectations for outside contributors
Body:
Hi maintainer. I ran a local maintainer-readiness audit with `oss-signal` against this repository and found a few contributor-facing policy files that could make outside participation easier:

- `CONTRIBUTING.md` with setup, test commands, and review expectations
- `SECURITY.md` with reporting instructions and supported versions
- `.github/PULL_REQUEST_TEMPLATE.md` with a short checklist

This is not meant as a broad repository overhaul. The repository already has a README, license, CI, tests, and issue templates, so the most useful next step looks like documenting contribution and disclosure expectations.

If you want a small follow-up PR, I would keep it to those documentation files only. If this is already covered on another docs site, feel free to close this.

Local report: neardws-oss-application-pack-builder-report.md