Add Bug Bounty & Feature Request Program documentation

[Copilot]

Establishes the community Bug Bounty & Feature Request Program as a top-level BOUNTY.md and surfaces it in the README.

Changes

• BOUNTY.md (new): Full program spec — eligibility, bounty tiers (Critical/$500–$2,500 → Low/$10–$50 + Feature/negotiable), submission process, payment terms, and guidelines. Marked "Work in Progress — Not Confirmed Yet."
• README.md: Added "Contributing & Bug Bounty" section linking to BOUNTY.md.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Bug Bounty & Feature Request Program</issue_title>
<issue_description># Bug Bounty & Feature Request Program

Status: Work in Progress - Not Confirmed Yet
This document is under development and subject to change. Terms and conditions are not finalized.

Program Overview

We value contributions from the community. This bounty program incentivizes developers to identify and resolve bugs, implement features, and improve our codebase.

Eligibility

• Open to all contributors worldwide
• Employees and their direct family members are not eligible
• One submission per person per issue
• Contributors must follow the project's Code of Conduct

Bounty Tiers

Critical Severity

• Reward: $500 - $2,500
• Criteria: Security vulnerabilities, data loss, complete feature breakdown
• Examples: SQL injection, authentication bypass, data corruption

High Severity

• Reward: $250 - $500
• Criteria: Significant functionality impairment, performance degradation
• Examples: Major bugs affecting core features, memory leaks

Medium Severity

• Reward: $50 - $250
• Criteria: Partial feature failure, inconsistent behavior, usability issues
• Examples: Edge case bugs, UI inconsistencies, minor performance issues

Low Severity

• Reward: $10 - $50
• Criteria: Minor bugs, documentation improvements, code quality enhancements
• Examples: Typos, broken links, code style improvements

Feature Implementation

• Reward: Negotiable based on scope
• Criteria: New features aligned with project roadmap
• Process: Discuss scope in issue before starting work

Submission Process

1. Check existing issues to avoid duplicates
2. Create a detailed issue with reproduction steps
3. Include environment details (OS, version, dependencies)
4. For security issues, report privately to security@example.com
5. Include a pull request with a proposed fix (optional but recommended)
6. Maintainers will review and assess bounty eligibility

Payment Terms

• Payouts processed within 30 days of merge
• Minimum bounty: $10
• Payment via bank transfer, PayPal, or project-specific arrangement
• Taxes are the responsibility of the recipient

Guidelines

• Do not publicly disclose vulnerabilities before they're fixed
• Provide clear, reproducible reports
• Be respectful in all communications
• One bounty per issue (no duplicate payments)
• Bounty amount determined at maintainers' discretion

Important Notes

• This program is offered at our discretion and may be modified
• Bounties are non-negotiable after payout
• Quality of submission affects bounty amount
• Automated or low-effort submissions may be declined

---

For questions, contact: bounty@example.com</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Bug Bounty & Feature Request Program #29

---

⚡ Quickly spin up Copilot coding agent tasks from anywhere on your macOS or Windows machine with Raycast.