chore: create scorecard.yml

[rvema]

Enabling OpenSSF Scorecard would help git-proxy project improve its security practices and help consumers evaluate the safety of their dependencies.

Fixes #675

[linux-foundation-easycla[bot]]

The committers listed above are authorized under a signed CLA.

• :white_check_mark: login: rvema / name: Ragha Vema (6ec4e22d15939b212117a1ddb5fdca727985d5bd, f24fa32705ee6936d7df420519e5d2451d38d492)
• :white_check_mark: login: JamieSlome / name: Jamie Slome (1f2d698247ac0562ddd9d78095b573eab0521555)

[netlify[bot]]

✅ Deploy Preview for endearing-brigadeiros-63f9d0 canceled.

Name	Link
🔨 Latest commit	f24fa32705ee6936d7df420519e5d2451d38d492
🔍 Latest deploy log	https://app.netlify.com/sites/endearing-brigadeiros-63f9d0/deploys/66b3a2d25fbbed000845d4a1

[codecov[bot]]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 57.39%. Comparing base (118678d) to head (f24fa32). Report is 1 commits behind head on main.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #676 +/- ## ======================================= Coverage 57.39% 57.39% ======================================= Files 46 46 Lines 1582 1582 ======================================= Hits 908 908 Misses 674 674 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[JamieSlome]

@rvema - thank you for your PR 👍 ❤️ A great idea to get this added to the project.

Are you able to take a look at the FINOS EasyCLA? You'll need to sign this before your PR can be merged.

[JamieSlome]

@rvema - shall we also include a badge in the README.md with the score?

[rvema]

Sure , let me add the badge and sign the cla

[rvema]

@JamieSlome added the badge but the score will not be there and will autofix once it runs at least 1 time on push. For now it will be run on every push to main branch and on a schedule

[JamieSlome]

Thank you for the contribution @rvema ❤️

Hopefully the first of many!