releases: add release notes for v0.7.0

Details on the release

Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>

releases/v0.7.0.md

@@ -0,0 +1,59 @@
+# Release Notes for v0.7.0
+Release Date: July 24th, 2023
+
+Please see the [quickstart guide](../quickstart.md) for details on how to try out Confidential
+Containers.
+
+Please refer to our [Acronyms](https://github.com/confidential-containers/documentation/wiki/Acronyms)
+and [Glossary](https://github.com/confidential-containers/documentation/wiki/Glossary) pages for a
+definition of the acronyms used in this document.
+
+## What's new
+- Flexible instance types/profiles support for peer-pods
+- Ability to use CSI Persistent Volume with peer-pods on Azure and IBM Cloud
+- EAA-KBC/Verdictd support removed from enclave-cc
+- Baremetal SNP without attestation available via operator
+- Guest components (`attestation-agent`, `image-rs` and `ocicrypt-rs`) merged into [one repository](https://github.com/confidential-containers/guest-components/)
+- Documentation and community repositories merged together
+
+## Hardware Support
+Confidential Containers is tested with attestation on the following platforms:
+- Intel TDX
+- AMD SEV(-ES)
+- Intel SGX
+
+The following platforms are untested or partially supported:
+- IBM Secure Execution (SE) on IBM zSystems (s390x) running LinuxONE
+- AMD SEV-SNP
+
+The following platforms are in development:
+- ARM CCA
+
+## Limitations
+The following are known limitations of this release:
+
+- Platform support is rapidly changing
+  * Image signature validation with AMD SEV-ES is not covered by CI.
+- SELinux is not supported on the host and must be set to permissive if in use.
+- The generic KBS does not yet supported all platforms. 
+- The format of encrypted container images is still subject to change
+  * The [oci-crypt](https://github.com/containers/ocicrypt) container image format itself may still change
+  * The tools to generate images are not in their final form
+  * The image format itself is subject to change in upcoming releases
+  * Not all image repositories support encrypted container images. 
+- CoCo currently requires a custom build of `containerd`, which is installed by the operator.
+  * Codepath for pulling images will change significantly in future releases.
+  * `crio` is only supported with `cloud-api-adaptor`.
+- Complete integration with Kubernetes is still in progress. 
+  * OpenShift support is not yet complete.
+  * Existing APIs do not fully support the CoCo security and threat model. [More info](https://github.com/confidential-containers/community/issues/53)
+  * Some commands accessing confidential data, such as `kubectl exec`, may either fail to work, or incorrectly expose information to the host
+  * Container images must be downloaded separately (inside guest) for each pod. [More info](https://github.com/confidential-containers/community/issues/66)
+- The CoCo community aspires to adopting open source security best practices, but not all practices are adopted yet.
+  * We track our status with the OpenSSF Best Practices Badge, which remained at 64% at the time of this release.
+  * Vulnerability reporting mechanisms still need to be created. Public github issues are still appropriate for this release until private reporting is established.
+
+
+## CVE Fixes
+
+None