Evaluate possible integration with OpenSSF package analysis

[fridex]

See:

https://openssf.org/blog/2022/04/28/introducing-package-analysis-scanning-open-source-packages-for-malicious-behavior/ https://github.com/ossf/package-analysis

Let's check if data produced by this tool are valuable for Thoth. If so, let's see what our integration points look like.

• [ ] check what data and what format package-analysis produces for packages hosted on PyPI
• [ ] check if these data are suitable for prescriptions so that prescriptions are automatically created
• [ ] check if these data are suitable for solver rules to automatically block analyses of certain packages in a deployment

[sesheta]

@fridex: This issue is currently awaiting triage. If a refinement session determines this is a relevant issue, it will accept the issue by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

[mayaCostantini]

/sig stack-guidance

[mayaCostantini]

/priority important-soon

[sesheta]

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

/lifecycle stale

[harshad16]

/remove-lifecycle stale /lifecycle frozen