[codex] Improve open source documentation governance#15
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e32b6a7422
| - Contact the maintainer directly at GitHub: `@Pigbibi`. | ||
| - If private vulnerability reporting is enabled for this repository, prefer that channel. |
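Review bot: the second line leaves it to the reporter to find out whether private vulnerability reporting is enabled for this repository, so the policy never states which channel is actually in use. SECURITY.md should say definitively how to report, for example replace the conditional "If private vulnerability reporting is enabled ..." line with a direct statement that reports go through GitHub private vulnerability reporting (and enable it on the repository), and demote the public `@Pigbibi` mention so it is not the primary contact path.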
Provide a usable private reporting channel
For repositories where GitHub private vulnerability reporting is not enabled, this leaves reporters with no private contact path: GitHub user mentions are public and GitHub does not provide general direct messages, and I found no email or alternate private security contact elsewhere in the repo with rg. Since the README now directs credential/broker/cloud-resource vulnerabilities through this SECURITY.md and explicitly says not to open public issues, reporters may be unable to disclose sensitive issues safely unless this line provides an actual private channel or requires private reporting to be enabled.