feat: add issue templates, security policy, and update contributing guide

[avoidwork]

Summary

Added comprehensive documentation templates and policies to standardize issue reporting, feature requests, and security disclosures.

Type of Change

• Documentation update
• Bug fix (non-breaking change which fixes an issue)
• New feature / enhancement
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Build / dependency / tooling change
• Test additions or updates
• Other

Related Issues

N/A

Testing

• All files are documentation-only (markdown templates and policies)
• No code changes, no build required
• Verified template syntax renders correctly on GitHub

Checklist

• npm test passes
• npm run build succeeds
• 100% test coverage maintained
• No hardcoded secrets or credentials introduced
• Zero external dependencies added
• ES Modules only (no CommonJS in src/)
• JSDoc comments added/updated
• CHANGELOG.md updated (if applicable)

[augmentcode]

🤖 Augment PR Summary

Summary: This PR adds standardized GitHub community health files to improve issue intake, security reporting, and contribution consistency.

Changes:

• Added GitHub issue templates for bug reports and feature requests
• Added a repository-level security policy describing supported versions and disclosure expectations
• Extended the PR template checklist (JSDoc + changelog) and added a screenshots section
• Updated CONTRIBUTING.md to point contributors at the new issue templates
• Documented a maintainer review process and what reviewers typically check

Technical Notes: All changes are documentation/template-only (no runtime code changes), intended to standardize reporting and review workflows.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 4 suggestions posted.

Comment augment review to trigger a new review at any time.

[augmentcode]

Supported Versions currently marks 6.x as supported, but package.json is 11.0.18; this mismatch could mislead users about which major receives security updates.

Severity: medium

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}

[augmentcode]

The reporting instructions say to "Email security findings to the maintainers" but don't provide a security contact address or an alternative private channel, which makes the policy hard to follow in practice.

Severity: medium

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}

[augmentcode]

This adds a new Screenshots section, but the repo rule says every PR template section must be filled (use N/A when not applicable) (Rule: AGENTS.md). As-is, contributors may leave this section blank and unintentionally violate that requirement.

Severity: low

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}

[augmentcode]

The environment prompt asks for a "filesize.js version"; since the published package name is filesize, reporters might provide the wrong identifier/version here.

Severity: low

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}