http-signatures

Project Principles, Readme & Contributing

Open liamdennehy opened this issue 4 years ago • 1 comments

In order to help smooth out discussions I thought it useful to capture some guiding principles for this specification. Hopefully these can be agreed on and used as a reference point for future and existing issues. This also captures the "tribal knowledge" formally, which I think is useful. Right now these are buried deep in some lengthy issue discussions.

To illustrate:

The issues on permitting or denying multiple "Signature" headers cannot be resolved until we first agree multiple header instances are ok in any case, and how to sign multiple instance headers depends on answering the same question. Since the HTTP RFCs are not particularly clear, we need to either be strict or tolerant in our interpretation, but it should at least be consistent. I have formulated the first bullet under the principle "Simple and Compatible" with this in mind, hopefully in a way that does not cause controversy.

I suggest opening new issues with the "project" tag for specific issues rather than going down the comments road here, and tagging this PR in those issues.

liamdennehy, Aug 31 '19 10:08