chore: add coc, contibution, and security documents for community guidelines

SECURITY.md

@@ -0,0 +1,56 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| latest  | :white_check_mark: |
+| < latest| :x:                |
+
+i recommend always using the latest version of snitch.
+
+## Reporting a Vulnerability
+
+if you discover a security vulnerability, please report it responsibly:
+
+1. **do not** open a public issue for security vulnerabilities
+2. email the maintainer directly or use github's [private vulnerability reporting](https://github.com/karol-broda/snitch/security/advisories/new)
+3. include as much detail as possible:
+   - description of the vulnerability
+   - steps to reproduce
+   - potential impact
+   - suggested fix (if any)
+
+## What to Expect
+
+- acknowledgment of your report within 48 hours
+- regular updates on the progress of addressing the issue
+- credit in the release notes (unless you prefer to remain anonymous)
+
+## Security Considerations
+
+snitch reads network socket information from the operating system:
+
+- **linux**: reads from `/proc/net/*` which requires appropriate permissions
+- **macos**: uses system APIs that may require elevated privileges
+
+snitch does not:
+- make network connections (except for `snitch upgrade` which fetches from github)
+- write to system files
+- collect or transmit any data
+
+## Scope
+
+the following are considered in-scope for security reports:
+
+- vulnerabilities in snitch code
+- insecure defaults or configurations
+- privilege escalation issues
+- information disclosure beyond intended functionality
+
+out of scope:
+
+- social engineering attacks
+- issues in dependencies (report to the upstream project)
+- issues requiring physical access to the machine
+