Adds details on security documentation (#3854)

* Docs: adds i18n link and changes redaction (s/we/you/)

* Docs: moving files to advanced folder

* Security: adds GPG key for security [at] decidim.org

* Security: adds a check for default users on checklist

* Fixes codeclimate errors on CONTRIBUTING.md doc

CONTRIBUTING.md

@@ -6,7 +6,11 @@ If you haven't already, come find us in [Gitter](https://gitter.im/decidim/decid
 
 ## Did you find a bug?
 
-* **Do not open up a GitHub issue if the bug is a security vulnerability in Decidim**, and instead send us an email to security [at] decidim.org.
+* **Do not open up a GitHub issue if the bug is a security vulnerability in Decidim**, and instead send us an email to security [at] decidim.org. We recommend to use GPG for these kind of communications, the fingerprint is C1BD 8981 D83C 23F9 D419 FE42 149A D0F9 84B9 35C4. To download our key:
+
+```bash
+gpg --keyserver pgp.key-server.io --recv 84B935C4
+```
 
 * **Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/decidim/decidim/issues).
 

docs/checklist.md

@@ -30,6 +30,8 @@ As a technopolitical project, Decidim needs several things to work. This is a no
 
 1. If you want, configure your [**social providers**](https://github.com/decidim/decidim/blob/master/docs/services/social_providers.md) to enable login using external applications.
 
+1. Check that you don't have any **default users, emails and passwords**, neither on the admin or on the system panel.
+
 ## Contents
 
 1. Ideally you'll have a **Team** formed with experts on IT, Communication, Participation, Design and Law.