Projects may publish a security contact, but there is no verification that it belongs to the project.
Acceptance criteria:
Add security contact field in metadata schema.
Support proof CID for contact ownership.
Expose verification status for security contact.
Tests cover contact update and proof submission.
Projects may publish a security contact, but there is no verification that it belongs to the project.
Acceptance criteria:
Add security contact field in metadata schema.
Support proof CID for contact ownership.
Expose verification status for security contact.
Tests cover contact update and proof submission.