Add notes about technical credentials

I think it's good for us to have a stated policy around who gets access to what. In thinking about this today, I realized, for example, that the internal mailing lists had only one owner: me. This is potentially problematic, and so I added Tom, as Vice Chair.

There are other bits of credentialing that should be detailed here. Please feel free to add to the list, or suggest changes to policy. My goal here is to document the status quo, not necessarily to say this is how it should be (though I don't see any need for changes).

This is not an Official Board Policy, per se, and does not need Approval for merging. But I'd still be happy for eyes on this.