docs: Add Governance Documentation (#1056)

Signed-off-by: Leonard Wang <leonardwang2000@gmail.com>
Co-authored-by: Ashna Mehrotra <ashnamehrotra@gmail.com>

Author: leodewang

GOVERNANCE.md

@@ -0,0 +1,104 @@
+# Copacetic Project Governance
+
+The Copacetic  project is dedicated to creating a community of individuals interested in vulnerability management. 
+
+This governance explains how the project is run.
+
+- [Values](#values)
+- [Maintainers](#maintainers)
+- [Becoming a Maintainer](#becoming-a-maintainer)
+- [Meetings](#meetings)
+- [CNCF Resources](#cncf-resources)
+- [Security Response Team](#security-response-team)
+- [Voting](#voting)
+- [Modifications](#modifying-this-charter)
+
+## Values
+
+The Copacetic project and its leadership embrace the following values:
+
+* Openness: Communication and decision-making happens in the open and is discoverable for future
+  reference. As much as possible, all discussions and work take place in public
+  forums and open repositories.
+
+* Fairness: All stakeholders have the opportunity to provide feedback and submit
+  contributions, which will be considered on their merits.
+
+* Community over Product or Company: Sustaining and growing our community takes
+  priority over shipping code or sponsors' organizational goals.  Each
+  contributor participates in the project as an individual.
+
+* Inclusivity: We innovate through different perspectives and skill sets, which
+  can only be accomplished in a welcoming and respectful environment.
+
+* Participation: Responsibilities within the project are earned through
+  participation, and there is a clear path up the contributor ladder into leadership
+  positions.
+
+## Maintainers
+
+Copacetic Maintainers have write access to the [project GitHub repository](https://github.com/project-copacetic/copacetic).
+They can merge their own patches or patches from others. The current maintainers
+can be found in [MAINTAINERS.md](./MAINTAINERS.md).  Maintainers collectively manage the project's
+resources and contributors.
+
+This privilege is granted with some expectation of responsibility: maintainers
+are people who care about the Copacetic project and want to help it grow and
+improve. A maintainer is not just someone who can make changes, but someone who
+has demonstrated their ability to collaborate with the team, get the most
+knowledgeable people to review code and docs, contribute high-quality code, and
+follow through to fix issues (in code or tests).
+
+A maintainer is a contributor to the project's success and a citizen helping
+the project succeed.
+
+The collective team of all Maintainers is known as the Maintainer Council, which
+is the governing body for the project.
+
+Maintainer responsibilities and other role descriptions can be found in the [contributor ladder](./CONTRIBUTOR_LADDER.md).
+
+## Code Changes
+All code changes should go through the Pull Request (PR) process. PRs should only be merged after receiving approval (via GitHub) from at least one other maintainer.
+We do not vote formally on every code change, but we do expect that every code change merged has the same community support as if the change were approved by a formal vote. When a merge occurs without sufficient community support, the change should be reverted until the dispute is resolved through discussion. Any team member who feels that a technical decision cannot be reached can call for a formal vote following the rules outlined below in either the PR or a separate issue.
+
+## Meetings
+
+Time zones permitting, Maintainers are expected to participate in the [public
+developer meeting](https://docs.google.com/document/d/1QdskbeCtgKcdWYHI6EXkLFxyzTCyVT6e8MgB3CaAhWI/edit#heading=h.294j02tlxam), which occurs
+at a bi-weekly cadence.  
+
+Maintainers will also have closed meetings in order to discuss security reports
+or Code of Conduct violations.  Such meetings should be scheduled by any
+Maintainer on receipt of a security issue or CoC report.  All current Maintainers
+must be invited to such closed meetings, except for any Maintainer who is
+accused of a CoC violation.
+
+## CNCF Resources
+
+Any Maintainer may suggest a request for CNCF resources, either in the
+[mailing list](https://groups.google.com/g/project-copa), or during a
+meeting.  A simple majority of Maintainers approves the request.  
+
+
+## Security Response Team
+
+The Maintainers will serve as a Security Response Team to handle security reports. The Security Response Team is responsible for handling all reports of security
+holes and breaches according to the [security policy](./SECURITY.md).
+
+## Voting
+
+While most business in Project Copacetic is conducted by "[lazy consensus](https://community.apache.org/committers/lazyConsensus.html)", 
+periodically the Maintainers may need to vote on specific actions or changes.
+A vote can be taken on [the developer mailing list](https://groups.google.com/g/project-copa) or
+the private Maintainer mailing list for security or conduct matters.  
+Votes may also be taken at community meetings or through Github Issues.  Any Maintainer may
+demand a vote be taken.
+
+Most votes require a simple majority of all Maintainers to succeed, except where
+otherwise noted.  Two-thirds majority votes mean at least two-thirds of all 
+existing maintainers.
+
+## Modifying this Charter
+
+Changes to this Governance and its supporting documents may be approved by 
+a 2/3 vote of the Maintainers.

MAINTAINERS.md

@@ -0,0 +1,11 @@
+The current Maintainers Group for the Copacetic Project consists of:
+
+| Name | Employer | Responsibilities |
+| ---- | -------- | ---------------- |
+|   Ashna Mehrotra   |     Microsoft     |        ALL          |
+|   Jeremey Rickard   |     Microsoft     |        ALL          |
+|   Sertac Ozercan   |     Microsoft     |        ALL          |
+
+This list must be kept in sync with the [CNCF Project Maintainers list](https://github.com/cncf/foundation/blob/master/project-maintainers.csv).
+
+See [the project Governance](./GOVERNANCE.md) for how maintainers are selected and replaced.