Adopt recommendations for securing open source software projects #165

@trumant

Description

Is your feature request related to a problem? Please describe.
The project has an opportunity to advance its security posture through the adoption of some community recommendations and security best practices.

Describe the solution you'd like
I'd like to see the project adopt the following in pursuit of improving the security of the project and improving the project's communication of its security posture:

  • Improve the security tooling used within the project by introducing
    • automated dependency management configuration for Dependabot
    • SCA and SAST security scans during pre-commit and CI pipelines
    • gitleaks integration in pre-commit
  • Assess the project against guidance from the OpenSSF's OSPS Baseline and publish the results of the assessment
  • Maintain a security-insights.yml conforming to the OpenSSF's Security Insights spec that provides a machine-readable description of the project's security practices
  • Publish a security policy. A simple example that may work for the project can be found at https://github.com/ossf/security-insights/security/policy

Describe alternatives you've considered
None

Additional context
I'm filing this issue with the intent to contribute the majority, if not the totality, of these suggested changes.
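As an added example, not part of the issue or the project's own tooling: a POSIX shell self-check that reports which of the four artifacts proposed above are present in a checked-out repository. File locations are assumed to be the conventional ones (GitHub's `.github/dependabot.yml`, `.pre-commit-config.yaml`, `SECURITY.md`, and `security-insights.yml` at the repository root or under `.github/`); it verifies presence and a few structural markers, not conformance to the OSPS Baseline or the Security Insights spec.

```shell
#!/bin/sh
# Added example: quick presence check for the artifacts the issue proposes.
# Paths below are the conventional locations (an assumption, not taken from the issue).

# Print one PASS/MISSING line per artifact; return the number of missing items.
check_security_baseline() {
  repo="$1"
  missing=0

  # 1. Dependabot: config declared as version 2 with at least one package ecosystem.
  dep="$repo/.github/dependabot.yml"
  if [ -f "$dep" ] && grep -Eq '^version:[[:space:]]*2' "$dep" \
       && grep -Eq '^[[:space:]]*-[[:space:]]*package-ecosystem:' "$dep"; then
    echo "PASS    dependabot: $dep declares version 2 and at least one ecosystem"
  else
    echo "MISSING dependabot: expected $dep with 'version: 2' and a package-ecosystem entry"
    missing=$((missing + 1))
  fi

  # 2. gitleaks in pre-commit: "gitleaks" is the hook id published by the gitleaks project.
  pc="$repo/.pre-commit-config.yaml"
  if [ -f "$pc" ] && grep -Eq '^[[:space:]]*-[[:space:]]*id:[[:space:]]*gitleaks' "$pc"; then
    echo "PASS    gitleaks: pre-commit hook configured in $pc"
  else
    echo "MISSING gitleaks: no 'id: gitleaks' hook in $pc"
    missing=$((missing + 1))
  fi

  # 3. Security Insights file (location assumed: repo root or .github/).
  if [ -f "$repo/security-insights.yml" ] || [ -f "$repo/.github/security-insights.yml" ]; then
    echo "PASS    security-insights.yml present"
  else
    echo "MISSING security-insights.yml (expected at repo root or under .github/)"
    missing=$((missing + 1))
  fi

  # 4. Security policy: GitHub recognises SECURITY.md at the root, in docs/ or in .github/.
  if [ -f "$repo/SECURITY.md" ] || [ -f "$repo/.github/SECURITY.md" ] || [ -f "$repo/docs/SECURITY.md" ]; then
    echo "PASS    security policy (SECURITY.md) present"
  else
    echo "MISSING security policy: add SECURITY.md at the repository root"
    missing=$((missing + 1))
  fi

  return "$missing"
}

# Usage: sh check_baseline.sh /path/to/checkout   (exit status = number of missing items)
if [ "$#" -gt 0 ]; then
  check_security_baseline "$1"
fi
```

A non-zero exit status equal to the number of gaps makes the check easy to wire into CI as a soft gate while the artifacts are being added.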
