maint: Update README.md and CONTRIBUTING.md to be explicit around Cross-Scope Privileges

[SapphicFire]

Important

Maintainer-specific issue, to be demonstrated on Week 2/3 Stream

Due to the varied nature and interactions of ActionPack contributions, the automations were set up such that Cross-scope Privileges and other security-related components cannot be included. This ensures that any of these are explicitly introduced by a customer/developer making use of these actions, who are thus expected to understand any risks and impact on their security posture.

A number of rejections under the Check Contribution automation relate to Cross-Scope Privileges, indicating that it would be valuable to be very explicit about this.

[Paulsylo25]

Hi Astrid,

Just to confirm my understanding the ask here is to update both README.md and CONTRIBUTING.md to explicitly mention that Cross-Scope Privileges are not allowed in ActionPack contributions, and to clarify this policy for contributors and users, right?

Can you confirm this ?

[Paulsylo25]

Hi Astrid,

Just to confirm my understanding the ask here is to update both README.md and CONTRIBUTING.md to explicitly mention that Cross-Scope Privileges are not allowed in ActionPack contributions, and to clarify this policy for contributors and users, right?

Can you confirm this ?

[SapphicFire]

@Paulsylo25 That is correct. However, I ask that you do not action this one as it is something I intend to display on the Thursday afternoon IST-friendly stream