feat: add security guides and templates#101

Open
AdekunleBamz wants to merge 1 commit into yearn:master from AdekunleBamz:feat/add-security-templates-and-guides
Conversation

@AdekunleBamz
Summary

This PR adds comprehensive security documentation to help standardize security processes and provide resources for security researchers and the Yearn team.

Changes

New Guides (guides/)

AUDIT_CHECKLIST.md - Comprehensive smart contract security audit checklist with 15 sections:

  • Access Control (owner privileges, role-based access)
  • Reentrancy (CEI pattern, cross-function reentrancy)
  • Integer Arithmetic (overflow, precision issues)
  • Oracle Security (price feeds, manipulation resistance)
  • Token Handling (ERC-20 compatibility, approvals)
  • Flash Loan Resistance
  • External Integrations
  • Gas and DoS (unbounded operations, griefing)
  • Initialization (constructors, proxy patterns)
  • Upgradability
  • Governance and Time Locks
  • Events and Logging
  • Error Handling
  • Economic Considerations
  • Code Quality

SEVERITY_CLASSIFICATION.md - Vulnerability severity guide including:

  • Severity levels (Critical, High, Medium, Low) with definitions and examples
  • Bug bounty ranges for each severity
  • Impact categories based on fund exposure
  • Likelihood assessment matrix
  • Attack vector categories (smart contract and DeFi-specific)
  • Reporting and escalation guidelines

EMERGENCY_RESPONSE_RUNBOOK.md - Incident response procedures:

  • P0-P3 incident classification
  • Step-by-step response procedures for critical incidents
  • War room protocols and role definitions
  • Contact directory template
  • Emergency action procedures (pause, disable keepers)
  • Post-incident checklist
  • Communication templates

New Templates (templates/)

DISCLOSURE_TEMPLATE.md - Standardized format for incident disclosures:

  • Follows the pattern of existing disclosures in the repository
  • Includes all required sections: Summary, Background, Details, Timeline, References
  • Pre-publication checklist

BUG_BOUNTY_SUBMISSION.md - Structured vulnerability report format:

  • Severity classification
  • Technical description and root cause
  • Proof of Concept section with code template
  • Remediation suggestions
  • Submission checklist

Updated Files

README.md - Added references to new guides and templates sections

Benefits

  • Consistency: Standardized templates ensure all disclosures follow the same format
  • Completeness: Comprehensive checklists reduce the chance of missing critical security checks
  • Efficiency: Ready-to-use templates speed up incident response and reporting
  • Onboarding: New team members and security researchers have clear guidelines
  • Transparency: Clear severity definitions help set expectations for bug bounty participants