Add license/security

Author: harmony7

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Fastly, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -88,3 +88,18 @@ each argument are as follows, but you may still override these defaults individu
 | `next`                         | `./out`      | (None)           | For apps written using [Next.js](https://nextjs.org), using `npm run export`.                                                                                                       |
 | `gatsby`                       | `./public`   | (None)           | For apps written using [Gatsby](https://www.gatsbyjs.com).                                                                                                                          |
 | `docusaurus`                   | `./build`    | (None)           | For apps written using [Docusaurus](https://docusaurus.io)                                                                                                                          |
+
+## Issues
+
+If you encounter any non-security-related bug or unexpected behavior, please [file an issue][bug]
+using the bug report template.
+
+[bug]: https://github.com/fastly/compute-js-static-publish/issues/new?labels=bug
+
+### Security issues
+
+Please see our [SECURITY.md](./SECURITY.md) for guidance on reporting security-related issues.
+
+## License
+
+[MIT](./LICENSE).

SECURITY.md

@@ -0,0 +1,13 @@
+## Report a security issue
+
+The project team welcomes security reports and is committed to providing prompt attention to security issues. Security
+issues should be reported privately via [Fastly’s security issue reporting process](https://www.fastly.com/security/report-security-issue).
+
+## Security advisories
+
+Remediation of security vulnerabilities is prioritized by the project team. The project team endeavors to coordinate
+remediation with third-party stakeholders, and is committed to transparency in the disclosure process. The team announces
+security issues via [GitHub](https://github.com/fastly/compute-js-static-publish/releases) on a best-effort basis.
+
+Note that communications related to security issues in Fastly-maintained OSS as described here are distinct from
+[Fastly Security Advisories](https://www.fastly.com/security-advisories).