[SM-1259] Add Contributing and cargo fmt Note to README (#793)

## Type of change

<!-- (mark with an `X`) -->

```
- [ ] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [x] Other
```

## Objective

<!--Describe what the purpose of this PR is. For example: what bug
you're fixing or what new feature you're adding-->

Adds the contributing note we have in clients & server, with
`SECURITY.md`. Also adds a note about `cargo +nightly fmt`.

## Before you submit

- Please add **unit tests** where it makes sense to do so

README.md

@@ -110,3 +110,36 @@ The list of developer tools is:
 
 [secrets-manager]: https://bitwarden.com/products/secrets-manager/
 [bws-help]: https://bitwarden.com/help/secrets-manager-cli/
+
+## Cargo fmt
+
+We use certain unstable features for formatting which require the nightly version of cargo-fmt.
+
+To install:
+
+```
+rustup component add rustfmt --toolchain nightly
+```
+
+To run:
+
+```
+cargo +nightly fmt
+```
+
+## Contribute
+
+Code contributions are welcome! Please commit any pull requests against the `main` branch. Learn
+more about how to contribute by reading the
+[Contributing Guidelines](https://contributing.bitwarden.com/contributing/). Check out the
+[Contributing Documentation](https://contributing.bitwarden.com/) for how to get started with your
+first contribution.
+
+Security audits and feedback are welcome. Please open an issue or email us privately if the report
+is sensitive in nature. You can read our security policy in the [`SECURITY.md`](SECURITY.md) file.
+We also run a program on [HackerOne](https://hackerone.com/bitwarden).
+
+No grant of any rights in the trademarks, service marks, or logos of Bitwarden is made (except as
+may be necessary to comply with the notice requirements as applicable), and use of any Bitwarden
+trademarks must comply with
+[Bitwarden Trademark Guidelines](https://github.com/bitwarden/server/blob/main/TRADEMARK_GUIDELINES.md).

SECURITY.md

@@ -0,0 +1,32 @@
+Bitwarden believes that working with security researchers across the globe is crucial to keeping our
+users safe. If you believe you've found a security issue in our product or service, we encourage you
+to please submit a report through our [HackerOne Program](https://hackerone.com/bitwarden/). We
+welcome working with you to resolve the issue promptly. Thanks in advance!
+
+# Disclosure Policy
+
+- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every
+  effort to quickly resolve the issue.
+- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or
+  a third-party. We may publicly disclose the issue before resolving it, if appropriate.
+- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or
+  degradation of our service. Only interact with accounts you own or with explicit permission of the
+  account holder.
+- If you would like to encrypt your report, please use the PGP key with long ID
+  `0xDE6887086F892325FEC04CC0D847525B6931381F` (available in the public keyserver pool).
+
+While researching, we'd like to ask you to refrain from:
+
+- Denial of service
+- Spamming
+- Social engineering (including phishing) of Bitwarden staff or contractors
+- Any physical attempts against Bitwarden property or data centers
+
+# We want to help you!
+
+If you have something that you feel is close to exploitation, or if you'd like some information
+regarding the internal API, or generally have any questions regarding the app that would help in
+your efforts, please email us at https://bitwarden.com/contact and ask for that information. As
+stated above, Bitwarden wants to help you find issues, and is more than willing to help.
+
+Thank you for helping keep Bitwarden and our users safe!