devfile / devworkspace-operator

Apache License 2.0

implement openssf best practices changes #1216

Closed Jdubrick closed 5 months ago

Jdubrick commented 5 months ago

What does this PR do?

This PR implements changes to the repository to align us more closely with OpenSSF and CNCF best practices. Below is a summary and explanation of all the changes:

OpenSSF Badges

These badges are displayed in the readme so that anyone can view them and see how the repository is adhering to these practices. The Best Practices badge can be filled out and viewed in more detail here.

The Scorecard badge gives the repository a score based on how secure it is. A summary of that can be found here.

Scorecard GitHub Workflow

This is tied to the Scorecard badge and is the code scanning aspect of it. This provides vulnerability scanning on the repository and will provide us with information regarding found vulnerabilities. More information about this scanning can be found here.

CLOMonitor Exemption

This exemption has been added to every devfile repository as we decided we are not going to implement it.

Contributing

In order to standardize our repositories and adhere to the best practices we should have contributing instructions for anyone who wants to add to this project. The contributing file is the same format as all of the other devfile repositories. For the issues section I included a link to the issues contained in this repository as it looks like you are storing issues there instead of in devfile/api.

What issues does this PR fix or reference?

fixes https://github.com/devfile/api/issues/1389

Is it tested? How?

All changes were either made to documentation files or by adding new files unrelated to the project function.

PR Checklist

github-advanced-security[bot] commented 5 months ago

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

codecov[bot] commented 5 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (a371b8e) 52.74% compared to head (994e896) 52.74%. Report is 2 commits behind head on main.

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##             main    #1216   +/-   ##
=======================================
  Coverage   52.74%   52.74%
=======================================
  Files          84       84
  Lines        7616     7616
=======================================
  Hits         4017     4017
  Misses       3310     3310
  Partials      289      289
```


Jdubrick commented 5 months ago

I don't have write access to this repo, would one of the approvers be able to merge? Thank you :)

openshift-ci[bot] commented 5 months ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: amisevsk, AObuchow, ibuziuk, Jdubrick

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/devfile/devworkspace-operator/blob/main/OWNERS)~~ [AObuchow,amisevsk]

Approvers can indicate their approval by writing `/approve` in a comment. Approvers can cancel approval by writing `/approve cancel` in a comment.