🔧 Repository: community plugins vetting process for becoming an organisation member

[BethGriggs]

We need to document a vetting process for the process for plugin maintainers to request to become organization members, specifically as we use CODEOWNERS files which error with the following if not satisfied:

Unknown owner on line _: make sure user exists and has write access to the repository

From GOVERNANCE.md#organization-member:

... Or is the member of a team that owns a project area, in which case the above requirements do not apply and the member is instead vetted by the project area maintainers

As this involves granting write access, we should have some vetting while also being cautious to not create too high barriers for new plugin maintainers. In other projects I've worked in, we've used questions like these to assist the vetting:

• Is the individual a member of other teams in Backstage?
• Length and consistency of involvement with Backstage plugins and/or Backstage community
• Are there other contributors or plugin maintainers who work with the individual and can vouch for them?
• Do they have a contactable employer or employer with investment in the Backstage community? (Only relevant to validate if there would be consequences to the individual in case of misbehaviour)

Thoughts?