Introduce OpenSSF Security Insights manifest file for LFX Insights

[thompson-tomo]

As part of LFX Insights as well as CLO Monitor it is expected that code repositories have a security insights manifest file described in this spec. At time of writing only 1 repo contained this manifest file.

To support this Rollout an explanation of what is expected to be entered for the different questions in the lxf insights security insight questionnaire. For instance which users should be named.

[trask]

It sounds like CNCF is moving towards LFX Insights (https://insights.linuxfoundation.org/project/opentelemetry), so I'd suggest that we focus our efforts there.

[thompson-tomo]

So this would also be part of LFX Insights and in fact LFX Insights provides a tool to generate this file.

[trask]

great, can you reframe this issue around LFX Insights instead of CLOMonitor?