docs: add governance

[knqyf263]

Description

Define core principles.

Issues

• Close Enhancing Governance Model for Trivy Project #6091

Checklist

• I've read the guidelines for contributing to this repository.
• I've followed the conventions in the PR title.
• I've added tests that prove my fix is effective or that my feature works.
• I've updated the documentation with the relevant information (if needed).
• I've added usage information (if the PR introduces new options)
• I've included a "before" and "after" example to the description (if the PR is a user interface change).

[itaysk]

looks great, thanks. Two small things:

1. I think the title "governance" isn't the best word for this content. Governance (especially in open source) talks more about the team, the ceremony, the decision making framework. I don't have a great suggestion but perhaps "Principles" is more appropriate here.
2. Consider adding a note about the relationship to Aqua commercial product, with reference to https://github.com/aquasecurity/resources/blob/main/trivy-aqua.md. meaning if something is in aqua territory is automatically out of scope for trivy.

[knqyf263]

I think the title "governance" isn't the best word for this content.

Yes, I was adding more content about how to make decisions or something like that. But I deleted them and focused on principles in this PR. I'll update it.

Consider adding a note about the relationship to Aqua commercial product, with reference to https://github.com/aquasecurity/resources/blob/main/trivy-aqua.md. meaning if something is in aqua territory is automatically out of scope for trivy.

OK.

[knqyf263]

updated
#6107