Dependency health

[jangevaare]

Add advice about checking and monitoring package health when including as project dependency. Services like
snyk and trivy can be used.

Add comment about R packages as well, perhaps incorporating information from reference: https://support.posit.co/hc/en-us/articles/360042593974-R-and-R-Package-Security

[kassyray]

Another reference that may also be useful:

• https://support.posit.co/hc/en-us/articles/206827897-Secure-Package-Downloads-for-R

[jangevaare]

https://github.com/m-ahmed-elbeskeri/Starguard Another potential tool/reference