Move security policies to summit.git
Different teams have different security policies.
Right now they are each stored in the repo of each team.
This is slightly painful and opaque since:
- Information is duplicated. Security policies are slightly different from one another.
- Someone checking the compliance can't know what people are checking against. It's possible but feels weird.
- There's no list of teams who have a security policy.
- There's no possibility of some from outside of team to review the security policy of a team.
Why don't we move all security policies in summit.git? Everybody who has to follow such a policy would already have access to summit.git.