docs: update CONTRIBUTING.md to clarify guidelines

Signed-off-by: Miguel Nogueira <me@nogueira.codes>

CONTRIBUTING.md

@@ -3,12 +3,15 @@
 ## Table of Contents
 - [Code of Conduct](#code-of-conduct)
 - [How to Contribute](#how-to-contribute)
-  - [Sign your Work](#sign-your-work)
   - [Commit Structure](#commit-structure)
-  - [Pull Request Guidelines](#prs-and-commits)
+  - [PRs and Commits](#prs-and-commits)
+    - [Sign your Work](#sign-your-work)
+    - [All that bureaucracy...](#all-that-bureaucracy)
+  - [Software versions](#software-versions)
 - [License](#license)
 - [Contact](#contact)
 - [Responsible disclosure](#responsible-disclosure)
+- [Use of this CONTRIBUTING.md file](#use-of-this-contributingmd-file)
 
 ## Code of Conduct
 
@@ -20,10 +23,6 @@ Any and all contributions will need to abide by our community contribution guide
 
 Contributions are welcome. Simply register for a free account at [Webvoke Studio's Gitea instance](https://code.webvokestudio.pt/user/sign_up) to start contributing. To get started quickly, feel free to sign up with your existing GitHub account.
 
-### Sign your work
-
-**ALL** contributions must be signed with your PGP key (which must also be added to your Gitea profile and published to a key server), no matter how small. PRs with unsigned commits will be closed. If you're not sure how to sign your commits, check out GitHub's [GPG guide](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key), [Git configuration](https://docs.github.com/en/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key) guide and [commit signing](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) guides, respectively.
-
 ### Commit Structure
 
 We follow the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) commit structure; this is both human and machine-friendly, ensuring clean and uniform commit messages across the board.
@@ -51,6 +50,25 @@ The main branch is protected; For new features, bug fixes, or improvements, fork
 
 You should then be able to create a PR to merge your branch into main. Make sure the PR is as descriptive as possible. *DON'T FORGET TO SIGN YOUR WORK*.
 
+### Sign your work
+
+**ALL** contributions must be signed with your PGP key (which must also be added to your Gitea profile and published to a key server), no matter how small. PRs with unsigned commits will be closed. If you're not sure how to sign your commits, check out GitHub's [GPG guide](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key), [Git configuration](https://docs.github.com/en/authentication/managing-commit-signature-verification/associating-an-email-with-your-gpg-key) guide and [commit signing](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) guides, respectively.
+
+
+Also, including ``Signed-off-by [Your Name] <you@email.com>`` is a requirement for everyone submitting PRs and commits.
+
+Signing off your work is as simple as including the ``--signoff`` git command option. This lets us easily track who did what and provides additional protection for our project.
+
+By signing off your work, you agree to the [Developer Certificate of Origin](https://developercertificate.org). 
+
+### All that bureaucracy...
+
+You might think that these contribution requirements present a high barrier to entry, and you'd be right! Signing your commits with your key as well as signing them off is a no-brainer once everything is configured and automated. You don't need to do this manually every commit! Creating a key is also pretty simple given that you can follow the guides GitHub published.
+
+These requirements help fend off spam contributions and keep everyone accountable and on the same page. They're useful for any project, big and small, learning adventure or production software.
+
+## Software versions
+
 **Ruby version**
 
 We're using Ruby 3.2.3 for this project.
@@ -73,4 +91,10 @@ Please add your name here; Email is not necessary unless you've already configur
  
 While this is mostly a hobby/learning project written during a Programming class, it's still important to fix any possible vulnerabilities in the code; Especially because beginner developers might expose themselves to external risk and threats if they deploy this code to production.
 
-As such, if you find a vulnerability, please send an email to the project maintainer and make sure that it's signed with your key and encrypted with PGP Key ID ``E7EC6E9F446392D20AC7B6DF66F99BACACB8DC54``.
+As such, if you find a vulnerability, please send an email to the project maintainer and make sure that it's signed with your key and encrypted with PGP Key ID ``E7EC6E9F446392D20AC7B6DF66F99BACACB8DC54``.
+
+## Use of this CONTRIBUTING.md file
+
+This file may be used as a template for any open source projects along with its accompanying files, excluding LICENSE.md, as long as you include this message with due credit.
+
+If you do decide to use this file as a template, make sure to edit the necessary bits, such as the contact section, disclosure section, etc, in order to fit your needs.