add scorecard workflow and badge

[Jdubrick]

What does this PR do?

This PR implements the GitHub workflow required for the OpenSSF scorecard badge to be used. This scans the code on each pull request and looks for security issues. To rate repositories on their adherence to best practices it allocates a score after each run that is displayed as part of a badge in the readme.

This issue is identical to the one in devfile/library here: devfile/library#195

Which issue(s) does this PR fix

fixes devfile/api#1384

PR acceptance criteria

Testing and documentation do not need to be complete in order for this PR to be approved. We just need to ensure tracking issues are opened.

• Unit/Functional tests

• Documentation

How to test changes / Special notes to the reviewer

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (feaece4) 73.16% compared to head (68eb222) 73.16%.

❗ Current head 68eb222 differs from pull request most recent head 21f5185. Consider uploading reports for the commit 21f5185 to get more accurate results

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #42   +/-   ##
=======================================
  Coverage   73.16%   73.16%           
=======================================
  Files          11       11           
  Lines        1565     1565           
=======================================
  Hits         1145     1145           
  Misses        351      351           
  Partials       69       69           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[thepetk]

left a minor comment :)

[thepetk]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Jdubrick, thepetk

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [Jdubrick,thepetk]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment