Create policy for adding or updating tests #485

@taladrane

Address OSPS-QA-06.03 security baseline requirement.

Requirement: While active, the project's documentation MUST include a policy that all major changes to the software produced by the project should add or update tests of the functionality in an automated test suite.

Recommendation: Add a section to the contributing documentation that explains the policy for adding or updating tests. The policy should explain what constitutes a major change and what tests should be added or updated.

Control applies to: Maturity Level 3

External Framework Mappings
BPB: Q-B-4, Q-B-8, Q-B-9, Q-B-10, Q-S-2
CRA: 2.3
SSDF: PW.8.2
CSF: ID.AM-02
ISO-18974: 4.1.5
OpenCRE: 207-435, 088-377
Scorecard: CI-Tests
PSSCRM: P4.1, P4.2, P4.3, P4.4, E2.4, E2.5
SAMM: Verification-Requirements -Testing -Control Verification Lvl1, Verification-Requirements -Testing -Control Verification Lvl2, Verification-Requirements -Testing -Control Verification Lvl3, Verification -Security Testing -Scalable Baseline Lvl3
PCIDSS: 6.2.3, 6.3.1, 6.3.2, 6.4.2
800-161: SA-11, SA-15, SR-3

https://baseline.openssf.org/versions/2025-10-10#osps-qa-0603

Labels: security baseline (https://github.com/ossf/tac/blob/main/process/security_baseline.md)
