packaging doc (#703)

This commit is contained in:
laurentsimon 2021-07-16 10:58:27 -07:00 committed by GitHub
parent 428a4d659c
commit b91658b322
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 0 deletions

@ -86,6 +86,12 @@ This check tries to determine if the project uses a fuzzing system. It currently
**Remediation steps**
- Integrate the project with OSS-Fuzz by following the instructions [here](https://google.github.io/oss-fuzz/).
## Packaging
This check tries to determine if the project is published as a package that other developers can install/download. The check currently only looks for GitHub packaging workflows. There is plan to add support for package manager hubs in the future.
**Remediation steps**
## Pull-Requests
This check tries to determine if the project requires pull requests for all changes to the default branch. It works by looking at recent commits (first page, ~30) and uses the GitHub API to search for associated pull requests. The check discards commits by usernames containing 'bot' or 'gardener'. The check considers a commit containing the string `Reviewed-on` as being reviewed through gerrit; and does not check for a corresponding PR.
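Review bot: the `**Remediation steps**` heading added under `## Packaging` has nothing beneath it; the very next line is already `## Pull-Requests`. The remediation text in the YAML hunk of this same commit ("Publish your project as a downloadable package.") should appear here as a bullet, in the same style as `- Integrate the project with OSS-Fuzz by following the instructions [here](https://google.github.io/oss-fuzz/).` in the Fuzzing section just above. Minor wording: "There is plan to add support" should read "There are plans to add support".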

@ -101,6 +101,14 @@ checks:
To help update your dependencies after pinning them, use tools such as
Github's [dependabot](https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/)
or [renovate bot](https://github.com/renovatebot/renovate).
Packaging:
description: >-
This check tries to determine if the project is published as a package
that other developers can install/download. The check currently only looks for
GitHub packaging workflows. There is plan to add support for package manager
hubs in the future.
remediaiton: >-
Publish your project as a downloadable package.
Signed-Tags:
description: >-
This check looks for cryptographically signed tags in the last 5 tags. The
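Review bot: the key `remediaiton:` under `Packaging:` is misspelled and should be `remediation:`, matching the spelling of the `Remediation steps` heading used in the markdown file. If the markdown is generated from this YAML, the misspelled key would explain why the Packaging section in the first hunk ends up with an empty remediation list. The same "There is plan to add support" wording appears in the `description:` block here and should read "There are plans to add support".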