0.2.0 Administrative Security Review

This ticket documents the administrative security review performed against tag 0.2.0 of the nshmp-ws-static project.

Question about https://code.usgs.gov/ghsc/nshmp/nshmp-ws-static/-/blob/main/src/main/java/gov/usgs/earthquake/nshmp/netcdf/www/NetcdfController.java

Saw reference to http. should it be https?

Otherwise looks good, saw no PII or internal config information. Noted presence of disclaimer and license files.