Add guidance for package maintenance

[desi]

Cover topics like:

• Use the module template
• Follow SemVer
• Changelog maintenance
• Testing prerelease builds locally and on CI
  • e.g. yarn link or file:// for local, preview builds for CI
• dependencies vs peerDependencies vs devDependencies

Notes:
This message was on Slack and should be included in the guidelines in some way:
PSA: There are two primary ways that we communicate changes we've make to our NPM packages to consumers. Changelogs are one of them, but we also use versions as a coarse indicator as well. I have seen several instances over time where a version for a released package was bumped in a way that either oversells or undersells the changes inside of that release. For instance:

• Bumping the minor part of a version if new functionality was not being added, when only the patch should have been bumped
• Bumping only the patch part of a version when new functionality was added, when the minor should have been bumped
• Not bumping the major part of a version when breaking changes are introduced

As a reminder, we use SemVer to assign new versions for packages. I would recommend everyone read this when they get a chance, especially the "Why Use" section and the FAQ.