docs: add community health files (#1)

* docs: add SECURITY.md with vulnerability reporting policy

* docs: add CODE_OF_CONDUCT.md (Contributor Covenant v2.1)

* docs: add bug report issue template

* docs: add feature request issue template

* docs: add pull request template

Author: chrisdpurcell

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,39 @@
+---
+name: Bug Report
+about: Report something that is not working correctly
+title: "[Bug] "
+labels: bug
+assignees: ""
+---
+
+## Description
+
+A clear description of what the bug is.
+
+## Steps to reproduce
+
+1. Go to ...
+2. Click on ...
+3. Observe ...
+
+## Expected behavior
+
+What you expected to happen.
+
+## Actual behavior
+
+What actually happened.
+
+## Environment
+
+- **OS**: (e.g., Fedora 43, Ubuntu 24.04)
+- **Python version**: (e.g., 3.14)
+- **TextTools version/commit**: (e.g., main branch, commit abc1234)
+
+## Screenshots
+
+If applicable, add screenshots to help explain the problem.
+
+## Additional context
+
+Any other information that might help diagnose the issue.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,23 @@
+---
+name: Feature Request
+about: Suggest an idea or improvement
+title: "[Feature] "
+labels: enhancement
+assignees: ""
+---
+
+## Problem or motivation
+
+What problem does this solve, or what workflow does it improve?
+
+## Proposed solution
+
+Describe how you'd like it to work.
+
+## Alternatives considered
+
+Any alternative approaches you've thought about.
+
+## Additional context
+
+Mockups, examples from other tools, or anything else that helps explain the request.

.github/pull_request_template.md

@@ -0,0 +1,29 @@
+## What does this PR do?
+
+Brief description of the changes.
+
+## Related issue
+
+Closes #(issue number)
+
+## Type of change
+
+- [ ] Bug fix
+- [ ] New feature
+- [ ] Refactoring (no functional changes)
+- [ ] Documentation update
+- [ ] Test improvement
+- [ ] CI/build change
+
+## Testing
+
+- [ ] Existing tests pass (`pytest tests/`)
+- [ ] New tests added for changed behavior
+- [ ] Type checking passes (`mypy src/`)
+
+## Checklist
+
+- [ ] Code follows the MVVM architecture (see CLAUDE.md)
+- [ ] No Qt imports in model or service layers
+- [ ] UI changes use Qt Designer `.ui` files (no programmatic layout)
+- [ ] Black and isort formatting applied

CODE_OF_CONDUCT.md

@@ -0,0 +1,57 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment:
+
+- Using welcoming and inclusive language
+- Being respectful of differing viewpoints and experiences
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the community
+- Showing empathy towards other community members
+
+Examples of unacceptable behavior:
+
+- The use of sexualized language or imagery, and sexual attention or advances of any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information without explicit permission
+- Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement via GitHub issues
+or direct contact with the maintainer.
+
+All complaints will be reviewed and investigated promptly and fairly.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org),
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html](https://www.contributor-covenant.org/version/2/1/code_of_conduct.html).

SECURITY.md

@@ -0,0 +1,34 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in TextTools, please report it responsibly.
+
+**Do not open a public issue.** Instead, email the maintainer directly or use GitHub's private vulnerability reporting feature (Security tab > "Report a vulnerability").
+
+### What to include
+
+- Description of the vulnerability
+- Steps to reproduce
+- Affected version(s)
+- Any potential impact you've identified
+
+### Response timeline
+
+- **Acknowledgment**: within 48 hours
+- **Assessment**: within 1 week
+- **Fix**: depends on severity, but we aim for prompt resolution
+
+### Supported versions
+
+| Version | Supported |
+|---------|-----------|
+| Latest on `main` | Yes |
+| Older commits | No |
+
+## Scope
+
+TextTools is a local desktop application. Security concerns most likely involve:
+- File handling vulnerabilities (path traversal, symlink attacks)
+- Unsafe deserialization of user-provided data
+- Dependencies with known CVEs