Add miscellenous repository files for best practices (#48)

This adds some miscellaneous files, like a security policy file, in
order to improve some of the GitHub best practices indicators on
https://github.com/quantumlib/TypedUnits/community

It also fills out `CONTRIBUTING.md` with more detailed information
(based on other quantumlib projects), and adds an important warning
about contributions using AI-based code generation.

Author: mhucka

.github/SECURITY.md

@@ -0,0 +1,30 @@
+# Reporting security issues
+
+The TypedUnits developers and community take security bugs in TypedUnits
+seriously. We appreciate your efforts to disclose your findings responsibly, and
+will make every effort to acknowledge your contributions.
+
+Please **do not** use GitHub issues to report security vulnerabilities; GitHub
+issues are public, and doing so could allow someone to exploit the information
+before the problem can be addressed. Instead, please use the GitHub ["Report a
+Vulnerability"](https://github.com/quantumlib/TypedUnits/security/advisories/new)
+interface from the _Security_ tab of the TypedUnits repository.
+
+Please report security issues in third-party modules to the person or team
+maintaining the module rather than the TypedUnits project stewards, unless you
+believe that some action needs to be taken with TypedUnits in order to guard
+against the effects of a security vulnerability in a third-party module.
+
+## Responses to security reports
+
+The project stewards at Google Quantum AI will send a response indicating the
+next steps in handling your report. After the initial reply to your report, the
+project stewards will keep you informed of the progress towards a fix and full
+announcement, and may ask for additional information or guidance.
+
+## Additional points of contact
+
+Please contact the project stewards at Google Quantum AI via email at
+quantum-oss-maintainers@google.com if you have questions or other concerns. If
+for any reason you are uncomfortable reaching out to the project stewards,
+please email opensource@google.com.

CODE_OF_CONDUCT.md

@@ -0,0 +1,91 @@
+# Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of
+experience, education, socio-economic status, nationality, personal appearance,
+race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+*   Using welcoming and inclusive language
+*   Being respectful of differing viewpoints and experiences
+*   Gracefully accepting constructive criticism
+*   Focusing on what is best for the community
+*   Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+*   The use of sexualized language or imagery and unwelcome sexual attention or
+    advances
+*   Trolling, insulting/derogatory comments, and personal or political attacks
+*   Public or private harassment
+*   Publishing others' private information, such as a physical or electronic
+    address, without explicit permission
+*   Other conduct which could reasonably be considered inappropriate in a
+    professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, or to ban temporarily or permanently any
+contributor for other behaviors that they deem inappropriate, threatening,
+offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+This Code of Conduct also applies outside the project spaces when the Project
+Stewards have a reasonable belief that an individual's behavior may have a
+negative impact on the project or its community.
+
+## Conflict Resolution
+
+We do not believe that all conflict is bad; healthy debate and disagreement
+often yield positive results. However, it is never okay to be disrespectful or
+to engage in behavior that violates the project’s Code of Conduct.
+
+If you see someone violating the Code of Conduct, you are encouraged to address
+the behavior directly with those involved. Many issues can be resolved quickly
+and easily, and this gives people more control over the outcome of their
+dispute. If you are unable to resolve the matter for any reason, or if the
+behavior is threatening or harassing, report it. We are dedicated to providing
+an environment where participants feel welcome and safe.
+
+Reports should be directed to quantumai-oss-maintainers@googlegroups.com,
+the project stewards at Google Quantum AI. They will then work with a committee
+consisting of representatives from the Open Source Programs Office and the
+Google Open Source Strategy team. If for any reason you are uncomfortable
+reaching out to the Project Stewards, please email opensource@google.com.
+
+We will investigate every complaint, but you may not receive a direct response.
+We will use our discretion in determining when and how to follow up on reported
+incidents, which may range from not taking action to permanent expulsion from
+the project and project-sponsored spaces. We will notify the accused of the
+report and provide them an opportunity to discuss it before any action is taken.
+The identity of the reporter will be omitted from the details of the report
+supplied to the accused. In potentially harmful situations, such as ongoing
+harassment or threats to anyone's safety, we may take action without notice.
+
+## Attribution
+
+This Code of Conduct is adapted from the Contributor Covenant, version 1.4,
+available at
+https://www.contributor-covenant.org/version/1/4/code-of-conduct.html

CONTRIBUTING.md

@@ -1,38 +1,123 @@
 # How to contribute
 
-We'd love to accept your patches and contributions to this project.
-We do have some guidelines to follow, covered in this document, but don't
-worry about (or expect to) get everything right the first time!
-Create a pull request and we'll nudge you in the right direction. Please also
-note that we have a [code of conduct](CODE_OF_CONDUCT.md) to make TUnits an
-open and welcoming environment.
+We'd love to accept your patches and contributions to this project. We do have
+some guidelines to follow, covered in this document, but don't be concerned
+about getting everything right the first time! Create a pull request (discussed
+below) and we'll nudge you in the right direction.
 
 ## Before you begin
 
 ### Sign our Contributor License Agreement
 
-Contributions to this project must be accompanied by a
-[Contributor License Agreement](https://cla.developers.google.com/about) (CLA).
-You (or your employer) retain the copyright to your contribution; this simply
-gives us permission to use and redistribute your contributions as part of the
-project.
+Contributions to this project must be accompanied by a [Contributor License
+Agreement](https://cla.developers.google.com/about) (CLA). You (or your
+employer) retain the copyright to your contribution; the CLA simply gives us
+permission to use and redistribute your contributions as part of the project.
+Please visit https://cla.developers.google.com/ to see your current agreements
+on file or to sign a new one. You generally only need to submit a Google CLA
+once, so if you've already submitted one (even if it was for a different
+project), you probably don't need to do it again.
 
-If you or your current employer have already signed the Google CLA (even if it
-was for a different project), you probably don't need to do it again.
-
-Visit <https://cla.developers.google.com/> to see your current agreements or to
-sign a new one.
+> [!WARNING]
+> Please note carefully clauses [#5](https://cla.developers.google.com/about/google-corporate#:~:text=You%20represent%20that%20each%20of%20Your%20Contributions%20is%20Your%20original%20creation)
+> and [#7](https://cla.developers.google.com/about/google-corporate#:~:text=Should%20You%20wish%20to%20submit%20work%20that%20is%20not%20Your%20original%20creation%2C%20You%20may%20submit%20it%20to%20Google%20separately)
+> in the CLA. Any code that you contribute to this project must be **your**
+> original creation. Code generated by artificial intelligence tools **does
+> not** qualify as your original creation.
 
 ### Review our community guidelines
 
-This project follows
-[Google's Open Source Community Guidelines](https://opensource.google/conduct/).
+We have a [code of conduct](CODE_OF_CONDUCT.md) to make the TypedUnits project
+an open and welcoming community environment. Please make sure to read and abide
+by the code of conduct.
 
 ## Contribution process
 
-### Code reviews
-
 All submissions, including submissions by project members, require review. We
-use GitHub pull requests for this purpose. Consult
-[GitHub Help](https://help.github.com/articles/about-pull-requests/) for more
-information on using pull requests.
+use the tools provided by GitHub for [pull
+requests](https://help.github.com/articles/about-pull-requests/) for this
+purpose. The preferred manner for submitting pull requests is to fork the
+TypedUnits [repository](https://github.com/quantumlib/TypedUnits), create a [git
+branch](https://git-scm.com/book/en/v2/Git-Branching-Branches-in-a-Nutshell) in
+this fork to do your work, and when ready, create a pull request from this
+branch to the main TypedUnits repository. The subsections below describe the
+process in more detail.
+
+Pleae make sure to follow the [Google Style
+Guides](https://google.github.io/styleguide/) in your code, particularly the
+[style guide for Python](https://google.github.io/styleguide/pyguide.html).
+
+### Repository forks
+
+1.  Fork the TypedUnits repository (you can use the _Fork_ button in upper right
+    corner of the [repository page](https://github.com/quantumlib/TypedUnits)).
+    Forking creates a new GitHub repo at the location
+    `https://github.com/USERNAME/TypedUnits`, where `USERNAME` is your GitHub
+    user name.
+
+1.  Clone (using `git clone`) or otherwise download your forked repository to
+    your local computer, so that you have a local copy where you can do your
+    development work using your preferred editor and development tools.
+
+1.  Check out the `main` branch and create a new git branch from `main`:
+
+    ```shell
+    git checkout main -b YOUR_BRANCH_NAME
+    ```
+
+    where `YOUR_BRANCH_NAME` is the name of your new branch.
+
+### Development and testing
+
+Do your work and `git commit` your changes to your branch as needed.
+
+We use several tools to test code and perform other activities such as checking
+formatting against the style guidelines. You can run those tools locally during
+development. Wrapper scripts are located in the [`check/`](./check/)
+subdirectory to simplify running the tools.
+
+*   Run `check/pytest` to run the Pytest suite
+*   Run `check/mypy` to run the Mypy type checker
+*   Run `check/pylint` to run the Pylint code linter
+
+### Pull requests and code reviews
+
+1.  If your local copy has drifted out of sync with the `main` branch of the
+    main TypedUnits repository, you may need to merge the latest changes into
+    your branch. To do this, first update your local `main` and then merge your
+    local `main` into your branch:
+
+    ```shell
+    # Track the upstream repo (if your local repo hasn't):
+    git remote add upstream https://github.com/quantumlib/TypedUnits.git
+
+    # Update your local main.
+    git fetch upstream
+    git checkout main
+    git merge upstream/main
+    # Merge local main into your branch.
+    git checkout YOUR_BRANCH_NAME
+    git merge main
+    ```
+
+    If git reports conflicts during one or both of these merge processes, you
+    may need to [resolve the merge conflicts](
+    https://docs.github.com/articles/about-merge-conflicts) before continuing.
+
+1.  Finally, push your changes to your fork of the TypedUnits repo on GitHub:
+
+    ```shell
+    git push origin YOUR_BRANCH_NAME
+    ```
+
+1.  Now when you navigate to the TypedUnits repository on GitHub
+    (https://github.com/quantumlib/TypedUnits), you should see the option to
+    create a new pull request from your forked repository. Alternatively, you
+    can create the pull request by navigating to the "Pull requests" tab near
+    the top of the page, and selecting the appropriate branches.
+
+1.  A reviewer from the TypedUnits team will comment on your code and may ask for
+    changes. You can perform the necessary changes locally, commit them to your
+    branch as usual, and then push changes to your fork on GitHub following the
+    same process as above. When you do that, GitHub will update the code in the
+    pull request automatically.

SUPPORT.md

@@ -0,0 +1,22 @@
+# Support
+
+Thank you for your interest in this project! If you are experiencing problems
+or have questions, the following are some suggestions for how to get help.
+
+> [!NOTE]
+> Before participating in our community, please read our [code of
+> conduct](CODE_OF_CONDUCT.md). By interacting with this repository,
+> organization, or community, you agree to abide by its terms.
+
+## Report an issue or request a feature
+
+To report an issue or request a feature in TypedUnits, please first search the
+[issue tracker on GitHub](https://github.com/quantumlib/TypedUnits/issues) to
+check if there is already an open issue identical or similar to your bug
+report/feature request. If there is none, go ahead and file a new issue in the
+issue tracker.
+
+## Contact the maintainers
+
+For any questions or concerns not addressed here, please email
+[quantum-oss-maintainers@google.com](mailto:quantum-oss-maintainers@google.com).