add openssf scorecard scanning/badge and clomonitor exemption

[Jdubrick]

Please specify the area for this PR

What does does this PR do / why we need it:
This addresses the adding of certain open source best practices that we are adding to all of our repositories. These practices include the scorecard code scanning tool that checks for security vulnerabilities in our repositories as well as providing a score for the repository in the form of a badge. Additionally it adds the badge for the best practices checklist.

Note that on the CLOMonitor there will be missing checks for Artifact Hub and Recent Release. I don't see a point in marking Artifact Hub as exempt if there is items that can be added for this repository, and there are issues open to add them (helm charts). For Recent Release there was a release in 2022 but the check is only for <= 1 year. This will be remedied whenever a new release comes along and should not be exempted also.

Which issue(s) this PR fixes:

fixes devfile/api#1387

PR acceptance criteria:

• Test Coverage
  • Are your changes sufficiently tested, and are any applicable test cases added or updated to cover your changes?

Documentation (WIP)

• Does the REST API doc need to be updated with your changes?
• Does the registry library doc need to be updated with your changes?

How to test changes / Special notes to the reviewer:

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (35722ec) 35.58% compared to head (87164a6) 35.58%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #196   +/-   ##
=======================================
  Coverage   35.58%   35.58%           
=======================================
  Files           7        7           
  Lines        1360     1360           
=======================================
  Hits          484      484           
  Misses        829      829           
  Partials       47       47           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[thepetk]

For Recent Release there was a release in 2022 but the check is only for <= 1 year. This will be remedied whenever a new release comes along and should not be exempted also.

@Jdubrick FYI there is an open issue for the new release here: devfile/api#1398. I've added a comment inside the issue to link this PR so the assignee will now that further actions might be required :)

[thepetk]

/lgtm

Based on the previous PRs of other devfile repos :)

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Jdubrick, thepetk

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [Jdubrick,thepetk]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment