Conversation

@carpenter79
scorecard
#486

@what-the-diff
what-the-diff bot commented Jun 10, 2025

PR Summary

  • Introduction of a new security workflow
    A new workflow utilizing GitHub Actions has been added. It focuses on enhancing supply-chain security analysis. The workflow is located in a configuration file called scorecard.yml.

  • Workflow activation settings
    The security workflow has been set up to initiate whenever branch protection rule events occur or every week on a fixed schedule.

  • Job permissions
    The rights for this workflow have been established. They encompass security-events to allow for the upload of result information and id-token to facilitate the publication of results.

  • Workflow steps
    The workflow includes specific steps to check the recent code, perform Scorecard analysis on it, and then upload the results of the analysis for further review. It also uploads these results to GitHub's Code Scanning Dashboard, a tool for observing the security of code.

  • Public result publishing
    The workflow is enabled to publish results publicly, meaning that they can be accessible in public repositories. This feature comes with additional configurations to handle optional repository tokens and artifact uploads.
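The scorecard.yml file itself is not shown on this page. The following is an added illustration of a workflow matching the bot's summary (branch-protection-rule and weekly triggers, `security-events` and `id-token` write permissions, checkout, Scorecard run, artifact upload, SARIF upload to Code Scanning, public result publishing). It is not the PR's own file: the cron expression, the action version tags, the artifact name and the `SCORECARD_TOKEN` secret name are assumptions made for the example.

```yaml
# Added example, not the contents of PR #486. Reconstructed from the summary above;
# the cron, version tags, artifact name and secret name are assumed.
name: Scorecard supply-chain security

on:
  # Re-run when branch protection rules change, since several Scorecard checks
  # (Branch-Protection, Code-Review) are evaluated from that configuration.
  branch_protection_rule:
  # Weekly run; the exact schedule in the PR is not visible, this cron is assumed.
  schedule:
    - cron: '30 1 * * 6'

# Default to read-only for every job; grant write scopes only where needed below.
permissions: read-all

jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    permissions:
      # Needed to upload the SARIF file to GitHub Code Scanning.
      security-events: write
      # Needed for OIDC when publish_results is true (results go to the OpenSSF API).
      id-token: write

    steps:
      - name: "Checkout code"
        uses: actions/checkout@v4   # assumed tag; prefer a full commit SHA pin
        with:
          # Do not leave the job token in .git/config for later steps to read.
          persist-credentials: false

      - name: "Run analysis"
        uses: ossf/scorecard-action@v2.4.0   # assumed tag; prefer a full commit SHA pin
        with:
          results_file: results.sarif
          results_format: sarif
          # Optional: a PAT is only required for private repos or for
          # checks that need more than the default GITHUB_TOKEN scopes.
          # repo_token: ${{ secrets.SCORECARD_TOKEN }}   # assumed secret name
          # Publishing is only permitted for public repositories.
          publish_results: true

      # Keep the raw SARIF as a build artifact for manual review.
      - name: "Upload artifact"
        uses: actions/upload-artifact@v4   # assumed tag; prefer a full commit SHA pin
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5

      # Surface the findings in the repository's Code Scanning dashboard.
      - name: "Upload to code-scanning"
        uses: github/codeql-action/upload-sarif@v3   # assumed tag; prefer a full commit SHA pin
        with:
          sarif_file: results.sarif
```

Two points a reviewer would check on the real file: that the top-level `permissions` is read-only with the two write scopes granted only on the job (Scorecard's Token-Permissions check flags broad workflow-level grants), and that each `uses:` is pinned to a full-length commit SHA rather than a moving tag, since Scorecard's Pinned-Dependencies check will otherwise report the workflow that is supposed to be measuring the repository.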
