chore(github): Update repo files (#2006)

- [x] DELETE OWNERS file, not parsed, only used for bookkeeping, CODEOWNERS does this
- [x] update CODEOWNERS to people who have committed in the last year
- [x] create EMERITUS.md to list former CODEOWNERS and thank them for their contribution
- [x] create SECURITY.md so people know how to report security issues
  - [x] turn on private vulnerability reporting in the repository
- [x] create CODE_OF_CONDUCT.md linking to CNCF code of conduct

By adding a code of conduct and security file we can set our Community Standards to 100% [here](https://github.com/argoproj/argo-helm/community)

Signed-off-by: jmeridth <jmeridth@gmail.com>
Co-authored-by: Marko Bevc <marko@scalefactory.com>

CODEOWNERS

@@ -1,16 +1,14 @@
-# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
-
-# Other and new charts
-/charts/ @oliverbaehler
+# All
+*                              @mkilchhofer @jmeridth
 
 # Argo Workflows
-/charts/argo-workflows/ @stefansedich @paguos @vladlosev @yann-soubeyrand @jmeridth @yu-croco
+/charts/argo-workflows/        @vladlosev @yann-soubeyrand @jmeridth @yu-croco
 
 # Argo CD
-/charts/argo-cd/ @davidkarlsen @mr-sour @yann-soubeyrand @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil
+/charts/argo-cd/               @mbevc1 @mkilchhofer @yu-croco @jmeridth @pdrastil
 
 # Argo Events
-/charts/argo-events/ @jbehling @VaibhavPage @pdrastil
+/charts/argo-events/           @pdrastil @jmeridth
 
 # Argo Rollouts
-/charts/argo-rollouts/
+/charts/argo-rollouts/         @jmeridth

CODE_OF_CONDUCT.md

@@ -0,0 +1,9 @@
+# Code of Conduct
+
+We adhere to the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).  Please reference the link for details.
+
+## TL;DR (too long didn't read)
+
+Be kind
+
+Your participation is at the discression of the maintainers of this project.

EMERITUS.md

@@ -0,0 +1,12 @@
+# Emeritus Approvers
+
+These are the people who have been approvers in the past, and have since retired from the role.
+
+We thank them for their service to the project.
+
+* @oliverbaehler
+* @stefansedich
+* @paguos
+* @yann-soubeyrand
+* @davidkarlsen
+* @jbehling

OWNERS

@@ -1,9 +0,0 @@
-owners:
-- alexec
-- alexmt
-- jessesuen
-
-approvers:
-- alexec
-- alexmt
-- jessesuen

SECURITY.md

@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions and Upstream Reporting
+
+Each helm chart currently supports the designated application version in the Chart.yaml.  There is a chance a security issue you've discovered may not be with the helm chart but with the upstream application.  Please visit that application's Security policy docueent to find out how to report the security issue.
+
+* [Security Policy for Argo Workflows](https://github.com/argoproj/argo-workflows/blob/master/SECURITY.md)
+* [Security Policy for Argo Events](https://github.com/argoproj/argo-events/blob/master/SECURITY.md)
+* [Security Policy for Argo Rollouts](https://github.com/argoproj/argo-rollouts/blob/master/docs/security.md)
+* [Security Policy for Argo CD](https://github.com/argoproj/argo-cd/blob/master/SECURITY.md)
+* [Security Policy for Argo CD Image Updater](https://github.com/argoproj-labs/argocd-image-updater/blob/master/SECURITY.md)
+
+## Reporting a Vulnerability for Argo Helm Charts
+
+We have enabled the ability to privately report security issues through the  Security tab above.
+
+[Here are the details on how to file](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) on how to do that
+
+A repository owner/maintainer will respond as fast as possible to coordinate confirmation of issue and remediation.
+
+Thank you for helping to ensure this code stays secure.