docs: add issue templates, security policy, and update contributing guide

[avoidwork]

Summary

Adds comprehensive documentation templates and policies to filesize.js.

Changes

New Files

• **** — Structured bug report template with reproduction steps, expected vs actual behavior, and environment details
• **** — Feature request template with motivation, proposed solution, and example usage
• **** — Security policy with responsible disclosure process, supported versions, and safe harbor statement

Updated Files

• **** — Enhanced PR template with additional checklist items (JSDoc, CHANGELOG)
• **** — Added Code Review section with review process, what reviewers look for, and tips

Why

These templates standardize how contributors report issues, request features, and submit PRs. The security policy provides a clear responsible disclosure path. The updated contributing guide makes the review process transparent.

Checklist

• All templates follow GitHub's template format
• Security policy aligns with industry best practices
• Contributing guide updated with code review expectations
• No code changes — documentation only

[augmentcode]

🤖 Augment PR Summary

Summary: This PR adds GitHub community health docs to standardize how contributors file issues, request features, disclose security issues, and submit PRs.

Changes:

• Added bug report and feature request templates under .github/ISSUE_TEMPLATE/.
• Added .github/SECURITY.md outlining supported versions and a responsible disclosure process.
• Expanded .github/PULL_REQUEST_TEMPLATE.md with checklist items for JSDoc/CHANGELOG and an optional screenshots section.
• Updated CONTRIBUTING.md to point to issue templates and document the code review process/expectations.

Technical Notes: Documentation-only change; no library/runtime behavior is modified.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 3 suggestions posted.

Comment augment review to trigger a new review at any time.

[augmentcode]

SECURITY.md lists 6.x as the supported major, but the current package version is 11.0.18; this mismatch could mislead users about which releases receive security fixes.

Severity: medium

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}

[augmentcode]

The reporting instructions say to “Email security findings to the maintainers” but don’t provide a specific contact address or an alternative (e.g., GitHub Security Advisories), which may block responsible disclosures.

Severity: medium

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}

[augmentcode]

The new “Screenshots (if applicable)” section can conflict with the project rule that PR templates shouldn’t leave sections blank (AGENTS.md 7.4); contributors may need explicit guidance like using N/A when not applicable.

Severity: low

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}