AdamKorcz

Purpose of this PR

This PR adds the Scorecard action to Spark-Operator’s CI.

Scorecard is a tool that scans for a number of supply-chain threats and assesses whether Spark-Operator mitigates these threats. Running Scorecard allows projects to avoid degradation in their development pipeline, i.e., the action continuously monitors for all Scorecard heuristics and alerts if a given PR increases the risk of a given threat. Projects can also add a badge to demonstrate their Scorecard score.

I highly recommend enabling the “Branch-Protection” check, which is disabled in this PR. For instructions on enabling it, see the workflow.

Change Category

  • Bugfix (non-breaking change which fixes an issue)
  • Feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that could affect existing functionality)
  • Documentation update

Rationale

Checklist

  • I have conducted a self-review of my own code.
  • I have updated documentation accordingly.
  • I have added tests that prove my changes are effective or that my feature works.
  • Existing unit tests pass locally with my changes.

Additional Notes

Signed-off-by: Adam Korczynski <[email protected]>
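
For readers who have not seen one, this is roughly what a Scorecard workflow looks like. It is an added example, not the workflow file from this PR; the branch name, the schedule and the `SCORECARD_TOKEN` secret name are assumptions.

```yaml
# Added example: minimal OpenSSF Scorecard workflow (not the file from this PR).
name: Scorecard supply-chain security
on:
  # Re-run when branch protection settings change, weekly, and on pushes.
  branch_protection_rule:
  schedule:
    - cron: "30 1 * * 6"        # assumed schedule
  push:
    branches: ["main"]          # assumed default branch name

# Start from read-only; the job widens only what it needs.
permissions: read-all

jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    permissions:
      security-events: write    # upload SARIF results to code scanning
      id-token: write           # required when publish_results is true (badge)
    steps:
      # Tags are shown for readability. Scorecard's own Pinned-Dependencies
      # check expects each action to be pinned to a full commit SHA.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Run analysis
        uses: ossf/scorecard-action@v2.4.0
        with:
          results_file: results.sarif
          results_format: sarif
          # Branch-Protection needs a token that can read branch settings.
          # Left commented out, the action runs without that check.
          # SCORECARD_TOKEN is a hypothetical secret name.
          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
          publish_results: true

      - name: Upload to code scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
```

With results uploaded as SARIF, findings appear as code scanning alerts in the repository's Security tab.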
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign chenyi015 for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
