Adding CONTRIBUTING.md and SECURITY.md files

Aligning to Oracle guidelines, MySQL Github repos should each
include a CONTRIBUTING.md (text) and a SECURITY.md file

Change-Id: I95e268759f4ed4ece8caa602618addda86d76972

Author: rennox

CONTRIBUTING.md

@@ -0,0 +1,18 @@
+We welcome your code contributions. Before submitting code via a GitHub pull
+request, or by filing a bug in https://bugs.mysql.com you will need to have
+signed the Oracle Contributor Agreement, see https://oca.opensource.oracle.com
+
+Only pull requests from committers that can be verified as having signed the OCA
+can be accepted.
+
+Submitting a contribution
+-------------------------
+
+1. Make sure you have a user account at https://bugs.mysql.com. You'll need to reference
+    this user account when you submit your OCA (Oracle Contributor Agreement).
+2. Sign the Oracle OCA. You can find instructions for doing that at the OCA Page,
+    at https://oca.opensource.oracle.com
+3. Validate your contribution by including tests that sufficiently cover the functionality.
+4. Verify that the entire test suite passes with your code applied.
+5. Submit your pull request via GitHub or uploading it using the contribution tab to a bug
+    record in https://bugs.mysql.com (using the 'contribution' tab).

SECURITY.md

@@ -0,0 +1,35 @@
+Reporting security vulnerabilities
+==================================
+
+Oracle values the independent security research community and believes that
+responsible disclosure of security vulnerabilities helps us ensure the security
+and privacy of all our users.
+
+Please do NOT raise a GitHub Issue to report a security vulnerability. If you
+believe you have found a security vulnerability, please submit a report to
+[email protected] preferably with a proof of concept. Please review
+some additional information on how to report security vulnerabilities to Oracle,
+see https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
+
+We encourage people who contact Oracle Security to use email encryption using
+our encryption key, see https://www.oracle.com/security-alerts/encryptionkey.html
+
+We ask that you do not use other channels or contact the project maintainers
+directly.
+
+Non-vulnerability related security issues including ideas for new or improved
+security features are welcome on GitHub Issues.
+
+Security updates, alerts and bulletins
+--------------------------------------
+Security updates will be released on a regular cadence. Many of our projects
+will typically release security fixes in conjunction with the Oracle Critical Patch
+Update program. Additional information, including past advisories, is available on our
+security alerts page at https://www.oracle.com/security-alerts/
+
+Security-related information
+----------------------------
+We will provide security related information such as a threat model, considerations
+for secure use, or any known security issues in our documentation. Please note
+that labs and sample code are intended to demonstrate a concept and may not be
+sufficiently hardened for production use.