Define suggested funding opportunities for packages in best-practices

[tim-schilling]

@cunla has worked with thanks.dev to arrange a way for packages to receive funding directly to the maintainers rather than to the django-commons org 🎉

The suggested security policy from #76 will be sufficient for Tidelift's security policy and should be another recommended option. The last one that we can recommend is configuring EthicalAds through ReadTheDocs.

• Define template funding.yml (sp?) for repos. @cunla can you link this to the right place?
• Define funding documentation
  • Mention tidelift
  • Mention ethical ads through ReadTheDocs
• Include default option to have these funds go directly to the Django Software Foundation without hitting people's accounts to avoid tax obligations

If folks have other recommendations or suggestions, please add them here.