add contributing and security info

Author: michalsn

CONTRIBUTING.md

@@ -0,0 +1,10 @@
+# Contributing to CodeIgniter4
+
+CodeIgniter is a community driven project and accepts contributions of
+code and documentation from the community.
+
+If you'd like to contribute, please read [Contributing to CodeIgniter](https://github.com/codeigniter4/CodeIgniter4/blob/develop/contributing/README.md)
+in the [main repository](https://github.com/codeigniter4/CodeIgniter4).
+
+If you are going to contribute to this repository, please report bugs or send PRs
+to this repository instead of the main repository.

SECURITY.md

@@ -0,0 +1,26 @@
+# Security Policy
+
+The development team and community take all security issues seriously. **Please do not make public any uncovered flaws.**
+
+## Reporting a Vulnerability
+
+Thank you for improving the security of our code! Any assistance in removing security flaws will be acknowledged.
+
+**Please report security flaws by emailing the development team directly: [email protected]**.
+
+The lead maintainer will acknowledge your email within 48 hours, and will send a more detailed response within 48 hours indicating
+the next steps in handling your report. After the initial reply to your report, the security team will endeavor to keep you informed of the
+progress towards a fix and full announcement, and may ask for additional information or guidance.
+
+## Disclosure Policy
+
+When the security team receives a security bug report, they will assign it to a primary handler.
+This person will coordinate the fix and release process, involving the following steps:
+
+- Confirm the problem and determine the affected versions.
+- Audit code to find any potential similar problems.
+- Prepare fixes for all releases still under maintenance. These fixes will be released as fast as possible.
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please submit a Pull Request.