
What: Allow non-collaborators to get notified about new PRs ready for review

Open PushkarJ opened this issue 3 years ago • 0 comments

NOTE: We should let multiple folks review and approve this PR before merging.

Fixes https://github.com/cncf/tag-security/issues/947

  • Uses an existing GitHub Action from Marketplace: necojackarc/[email protected] to allow notifying non-collaborators / codeowners about PRs that may be interesting to them
  • Removes CODEOWNERS file entirely as it is redundant with this update. Repo access can still be managed via .github/settings.yml
  • Fixes linting issues on supply-chain-security/README.md
  • Updates governance and contributing markdown pages to reflect this change

Please read before reviewing

  • The GitHub Action used has a risk of bus-factor or account take-over since it is a single user repo: https://github.com/necojackarc/auto-request-review. However, since the push access is still maintained by .github/settings.yml this could be a tolerable risk as the changes to main branch are unlikely without approval from a TL/Co-chair/Chair Emeriti.
  • We are using an insecure option, pull_request_target, because the action job needs write access to the target repo cncf/tag-security in order to assign reviewers. However, we are restricting write permissions only to "pull requests" (IIUC, this should prevent the github-actions bot from merging to the main branch if it is compromised to run malicious code) and pinning the action to a specific version as mitigation. We should make a call on whether this is reasonable or not.
  • Please ensure https://github.com/cncf/tag-security/pull/971 is merged before merging this PR

Should also supersede https://github.com/cncf/tag-security/pull/944 once we add @lirantal under the supply chain security group

Signed-off-by: Pushkar Joglekar [email protected]

PushkarJ · Aug 08 '22 23:08
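The two mitigations the PR description relies on (scoping the token to pull-request writes only, and pinning the action) as an added example workflow; this is illustrative and not the file from the PR. The action's `token`/`config` input names, the config path, the event types and the `<COMMIT_SHA>` placeholder are assumptions.

```yaml
# .github/workflows/auto-request-review.yml  (added example, not from the PR)
name: Auto request review

# pull_request_target runs in the context of the BASE repository, so the job
# receives a GITHUB_TOKEN that can write to cncf/tag-security even for PRs
# opened from forks. That is exactly why it is risky: do not check out or
# execute the PR head ref anywhere in this job.
on:
  pull_request_target:
    types: [opened, reopened, ready_for_review]   # assumption: illustrative

# Drop the default token to read-only and grant only the one scope the action
# needs (assigning reviewers). A compromised step cannot push to main or edit
# workflows with this token.
permissions:
  contents: read
  pull-requests: write

jobs:
  auto-request-review:
    runs-on: ubuntu-latest
    steps:
      # Weak form this replaces (do not use): a floating ref plus write-all,
      # e.g.  uses: necojackarc/auto-request-review@master  with
      #       permissions: write-all
      #
      # Pin to an immutable commit SHA rather than a tag or branch; a tag can
      # be moved if the single-maintainer account is taken over. <COMMIT_SHA>
      # is a placeholder to be looked up in the upstream repo; the trailing
      # comment records the human-readable version it corresponds to.
      - uses: necojackarc/auto-request-review@<COMMIT_SHA>   # vX.Y.Z
        with:
          token: ${{ secrets.GITHUB_TOKEN }}      # assumption: input name
          config: .github/auto_request_review.yml # assumption: input/path
```

Dependabot or Renovate can be configured to keep a SHA-pinned `uses:` line current, so pinning does not mean freezing the action forever.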