sigstore
Update community membership guidelines
Overall, the ladder structure remains the same, moving from a community member, to a project participant, to a project leader. The goal of these proposed changes is to encourage more community participation.
The primary difference is the change from a Triage role to a Reviewer role. "Triage" did not align well with GitHub permissions, and could be interpreted as granting the ability to review PRs without any control. I have clarified that the now-called "Reviewer" role should be granted the permission to approve a PR for merge, but not have the permission to merge it. This should hopefully encourage community members who are active in the codebase but not yet familiar with the entire project to participate more and become more familiar through code reviews.
I have also clarified the requirements of a codeowner and reviewer to emphasize their difference. A reviewer should have knowledge of the code but not necessarily a complete understanding of the codebase and its intricacies, while a codeowner should have a holistic understanding to determine when there are backward compatibility issues, security concerns, API breakage, etc.
With these changes, we can also move towards an entirely GH-team-based permission model, with "reviewer" and "codeowner" teams per-repo.
Fixes https://github.com/sigstore/community/issues/52
