PHPCSStandards / composer-installer

Composer installer for PHP_CodeSniffer coding standards
https://packagist.org/packages/dealerdirect/phpcodesniffer-composer-installer
MIT License

README: update with information about Composer >= 2.2 #141

Closed jrfnl closed 2 years ago

jrfnl commented 2 years ago

README: update with information about Composer >= 2.2

As of Composer 2.2.0, Composer plugins need to be explicitly allowed to run.

This updates the readme to inform users of this mechanism.

Ref: https://blog.packagist.com/composer-2-2/#more-secure-plugin-execution

README: update coding standards dev code sample

... to be a little more realistic for current dev.

🆕 README: add information about adding permission via CLI
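An added example, not part of this PR or the project's code: a small audit of the `allow-plugins` setting that Composer >= 2.2 reads from the `config` section of `composer.json`. It assumes the setting is either a boolean or a map of package-name patterns to booleans; the function name and the sample documents are constructed for illustration.

```python
import json

# Package name taken from the Packagist URL on this page.
PLUGIN = "dealerdirect/phpcodesniffer-composer-installer"


def audit_allow_plugins(composer_json, plugin=PLUGIN):
    """Return a list of findings about config.allow-plugins in a composer.json string."""
    allow = json.loads(composer_json).get("config", {}).get("allow-plugins")
    findings = []
    if allow is None:
        findings.append("allow-plugins is not set: no plugin has been explicitly allowed")
    elif allow is True:
        # Blanket permission defeats the per-plugin opt-in.
        findings.append("allow-plugins is true: every installed plugin is allowed to run")
    elif allow is False:
        findings.append("allow-plugins is false: %s is not allowed to run" % plugin)
    elif isinstance(allow, dict):
        for pattern, allowed in sorted(allow.items()):
            if "*" in pattern and allowed is True:
                findings.append("wildcard entry allows a group of plugins: %s" % pattern)
        if plugin not in allow:
            findings.append("no exact entry for %s" % plugin)
        elif allow[plugin] is not True:
            findings.append("%s is explicitly denied" % plugin)
    else:
        findings.append("allow-plugins has an unexpected type")
    return findings


# Constructed sample inputs (not taken from any real project).
BLANKET = '{"config": {"allow-plugins": true}}'
SCOPED = json.dumps({"config": {"allow-plugins": {PLUGIN: True, "example-vendor/*": True}}})
MISSING = '{"require-dev": {"%s": "*"}}' % PLUGIN

if __name__ == "__main__":
    for name, doc in (("blanket", BLANKET), ("scoped", SCOPED), ("missing", MISSING)):
        print(name, audit_allow_plugins(doc) or "ok")
```

An empty result means the plugin has an exact `true` entry and nothing broader is allowed.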

Potherca commented 2 years ago

I was wondering if, based on this, we need to add --no-interaction anywhere in our pipelines? 🤔

jrfnl commented 2 years ago

I was wondering if, based on this, we need to add --no-interaction anywhere in our pipelines? 🤔

We don't (need to).

The thing is, when doing a composer install/update for this project itself, you don't get the question as this is a Composer plugin. The code of this plugin won't run on itself. I tested as I wondered how this would work for projects which are Composer plugins, but the plugin is not run on itself and that behaviour is the same as before.

That's also why in the test scripts in the CI, there is a separate call to composer install-codestandards to run the script.

Other than that, we use ramsey/composer-install in most places and that will always add --no-interaction to the command.

jrfnl commented 2 years ago

Reviewed the scripts now and found a few places we could add --no-interaction. Commit added to PR #140.

Potherca commented 2 years ago

Good work!

jrfnl commented 2 years ago

Inspired by a similar README update I saw in the Composer Normalize README, I've added one more commit which shows the CLI command to add the permission.

jrfnl commented 2 years ago

Anything I can do to move this PR forward?

Potherca commented 2 years ago

It was mostly a lack of time that kept this standing still.

I had a deadline at work that kept me busy throughout the holidays, and I had to help the kids with school as we were in quarantine. This coming week the kids are back to school and I have time off from work (we made the deadline 🎉), so I plan on catching up here and in other projects.