ci: Add OSSF Scorecard GitHub action

[matthewfeickert]

Description

• Add the Open Source Security Foundation (OSSF) scorecard GitHub action to perform security tests
  • c.f. https://github.com/ossf/scorecard-action
• Change from using branch protection rules to using repository rulesets to allow for use of action without personal access tokens.
  • c.f. https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets
  • c.f. https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional
• Recommended as part of SPEC-8: Supply-Chain Security.
  • c.f. SPEC-8: Supply-Chain Security scientific-python/summit-2024#9

Checklist Before Requesting Reviewer

• Tests are passing
• "WIP" removed from the title of the pull request
• Selected an Assignee for the PR to be responsible for the log summary

Before Merging

For the PR Assignees:

• Summarize commit messages into a comprehensive review of the PR

* Add the Open Source Security Foundation (OSSF) scorecard GitHub action
  to perform security tests.
   - c.f. https://github.com/ossf/scorecard-action
* Change from using branch protection rules to using repository rulesets
  to allow for use of action without personal access tokens.
   - c.f. https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets
   - c.f. https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional
* Recommended as part of SPEC-8: Supply-Chain Security.
   - c.f. https://discuss.scientific-python.org/t/spec-8-supply-chain-security/1163

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.21%. Comparing base (39d56f1) to head (199a50b).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2482   +/-   ##
=======================================
  Coverage   98.21%   98.21%           
=======================================
  Files          69       69           
  Lines        4543     4543           
  Branches      804      804           
=======================================
  Hits         4462     4462           
  Misses         48       48           
  Partials       33       33           

Flag	Coverage Δ
contrib	97.79% <ø> (ø)
doctest	98.08% <ø> (ø)
unittests-3.10	96.23% <ø> (ø)
unittests-3.11	96.23% <ø> (ø)
unittests-3.12	96.23% <ø> (ø)
unittests-3.8	96.25% <ø> (ø)
unittests-3.9	96.27% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[matthewfeickert]

I'm going to approve and merge this myself. As always, PRs approved by a single core dev can be reverted as needed by the rest of the dev team.