[DOCS] Add CONTRIBUTING, SECURITY, and pull request templates

[Obiajulu-gif]

Overview

Add core open-source maintainer documentation so GrantFox contributors understand how to work on ChainMove safely and professionally.

Problem

Contributors need clear rules for local setup, secret handling, PR scope, security reporting, and maintainer review expectations. Without these files, contributors may ask for private API keys, submit large unfocused PRs, or accidentally expose sensitive configuration.

Expected solution

Create or update:

• CONTRIBUTING.md
• SECURITY.md
• .github/PULL_REQUEST_TEMPLATE.md
• optional issue templates under .github/ISSUE_TEMPLATE/

Contributor guide should explain

• Never request maintainer API keys.
• Copy .env.example to .env.local.
• Use mock mode where possible.
• Do not commit .env.local or secrets.
• Keep PRs small and focused.
• Run npm run lint and npm run build before opening PRs.
• Clearly state affected areas: frontend, backend, auth, payments, Stellar, docs, tests, UI/UX.

Security guide should explain

• How to report vulnerabilities privately.
• What counts as sensitive information.
• Why production keys must not be shared.
• Why Stellar private keys must never be stored in frontend code.

Files likely involved

• CONTRIBUTING.md
• SECURITY.md
• .github/PULL_REQUEST_TEMPLATE.md
• .github/ISSUE_TEMPLATE/*.md

Acceptance criteria

• Contributor docs exist and are easy to follow.
• Security policy clearly explains secret handling.
• PR template includes checklist for lint/build/security.
• Issue templates help route frontend, backend, Stellar, docs, and bug tasks.

Suggested labels

documentation, security, developer-experience, good first issue

Difficulty

Good first issue

[Menjay7]

Hi! I came across this issue and would love to work on it. I have experience with similar tasks and I'm confident I can investigate, implement a clean solution, and thoroughly test it before submitting a PR. If the issue is still open, I would appreciate it if you could assign it to me. Thank you!

[ozzy166]

Hey, I can grab this.
​I’ll set up the core maintainer and contributor docs so anyone jumping into the project knows how to work safely.
​I'll put together a CONTRIBUTING.md that lays out the rules for local environment configs (.env.local), running checks like linting and building, and keeping PRs focused. I'll also add a SECURITY.md detailing how to report bugs privately and making it clear that Stellar private keys should never touch the frontend. Lastly, I'll build out clean templates for issues and pull requests so developers can tag their affected areas (like frontend, backend, or Stellar) automatically.
​I can get these markdown files added and configured for you in less than 24 hours.

[jaynomyaro]

Hi! I’m a full-stack developer with a strong blockchain background. I’d love to handle this issue and can deliver a clean, reliable solution. Kindly assign it to me.

[OkeyAmy]

Hello Chief, I would like to work on this issue. I have 3 years of experience as an open source contributor

[rohan911438]

Would love to work on it

[grantfox-oss]

🦊 GrantFox — @rohan911438 has been assigned to this issue as part of the Official Campaign campaign!

Next steps:

1. Open a Pull Request referencing this issue (e.g., Closes #22)
2. Your PR will be reviewed by the Chainmove maintainers

Good luck! Track your progress on GrantFox.

[grantfox-oss]

🎉 This issue has been marked as completed on GrantFox as part of the Official Campaign campaign!

@rohan911438's PR #59 was approved and merged by @Obiajulu-gif.

🏆 @rohan911438: You earned 35 FoxPoints for this contribution! Your current tier: Explorer (363 total points). Track your full progress on GrantFox.

👏 Great work, @rohan911438! Keep contributing to Chainmove.