Issue Description

The project currently lacks a dedicated governance document required for OSSF (Open Source Security Foundation) Best Practices Silver badge compliance.

OSSF Requirement ([governance]):

The project MUST clearly define and document its project governance model (the way it makes decisions, including key roles). (URL required)

Current gaps identified:

Proposed deliverables:

1. Create GOVERNANCE.md in repository root with:

   • Explicit governance model statement (maintainer-led under Microsoft sponsorship)
   • Roles section (Maintainers, Contributors, Reviewers)
   • Decision-making process (routine changes, new features, breaking changes, governance changes)
   • Dispute resolution procedure
   • Process for modifying governance

2. Update cross-references in:

   • README.md - Add governance link in Legal section
   • CONTRIBUTING.md - Reference governance for maintainer authority

Acceptance criteria:

• GOVERNANCE.md exists in repository root with required frontmatter
• Document defines governance model type explicitly
• Document lists key roles with responsibilities
• Document describes decision-making process for different change types
• Document includes dispute resolution procedure
• README.md links to governance document
• CONTRIBUTING.md references governance for decision authority
• All markdown validation passes (npm run lint:md)

Additional Context

Reference: OSSF Best Practices Badge - Governance criterion

Existing partial coverage:

• CODEOWNERS - Lists @microsoft/edge-ai-core-dev as code owners
• CONTRIBUTING.md - Describes contribution workflow
• docs/contributing/release-process.md - Has "For Maintainers" section
• CODE_OF_CONDUCT.md - Covers behavior standards (not governance)