doc: add req for sec wg review in some cases

mhdawson · mhdawson · commit 260f937cb4e1 · 2018-07-19T18:07:38.000-04:00
Some recent dicsussions point to it being a good idea to require reviews from the security-wg for security related PRs. See nodejs#21766 Add this requirement to the collaborator guide.
diff --git a/COLLABORATOR_GUIDE.md b/COLLABORATOR_GUIDE.md
@@ -20,6 +20,7 @@
     - [Breaking Changes to Internal Elements](#breaking-changes-to-internal-elements)
     - [When Breaking Changes Actually Break Things](#when-breaking-changes-actually-break-things)
       - [Reverting commits](#reverting-commits)
+  - [Additions to the Cryptography and Security APIs](#additions-to-the-cryptography-and-security-apis)
   - [Introducing New Modules](#introducing-new-modules)
   - [Deprecations](#deprecations)
   - [Involving the TSC](#involving-the-tsc)
@@ -378,6 +379,16 @@ multiple commits. Commit metadata and the reason for the revert should be
 appended. Commit message rules about line length and subsystem can be ignored.
 A Pull Request should be raised and approved like any other change.
 
+### Additions to the Cryptography and Security APIs
+
+Semver-minor commits that add or change cryptograpy/security APIs should be
+treated with extra care. Due to the potential impact, it is important that
+these APIs be constructed to reduce the potential for incorrect
+usage.
+
+These commits must have an approval from at least one member from the 
+[security working group](https://github.com/nodejs/security-wg).
+
 ### Introducing New Modules
 
 Semver-minor commits that introduce new core modules should be treated with
