chore: add dependencies upgrade policy to readme (#39224)

* chore: add dependencies upgrade policy to readme

as per wg-releases july 19 meeting

https://docs.google.com/document/d/1XWdD4uAu9m8Gcpiw1j5fLwwZ_hU4rce9JyTpuKU6uM8/edit?pli=1

Co-authored-by: George Xu <33054982+georgexu99@users.noreply.github.com>

* Update CONTRIBUTING.md

Co-authored-by: David Sanders <dsanders11@ucsbalum.com>

Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>

---------

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: George Xu <33054982+georgexu99@users.noreply.github.com>
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>

CONTRIBUTING.md

@@ -60,6 +60,10 @@ dependencies, and tools contained in the `electron/electron` repository.
   * [Step 11: Landing](https://electronjs.org/docs/development/pull-requests#step-11-landing)
   * [Continuous Integration Testing](https://electronjs.org/docs/development/pull-requests#continuous-integration-testing)
 
+### Dependencies Upgrades Policy
+
+Dependencies in Electron's `package.json` or `yarn.lock` files should only be altered by maintainers. For security reasons, we will not accept PRs that alter our `package.json` or `yarn.lock` files. We invite contributors to make requests updating these files in our issue tracker. If the change is significantly complicated, draft PRs are welcome, with the understanding that these PRs will be closed in favor of a duplicate PR submitted by an Electron maintainer.
+
 ## Style Guides
 
 See [Coding Style](https://electronjs.org/docs/development/coding-style) for information about which standards Electron adheres to in different parts of its codebase.