[MNT] Adding Scorecard.yml Workflow and Scorecard Badge GOSST

[PatriceJada]

Reference Issues/PRs

What does this implement/fix? Explain your changes.

This implementation integrates the OpenOSSF Scorecard, which provides an overview of the security health of the repository. The Scorecard analyzes the repository based on various security metrics, including code review, dependencies, CI/CD configurations, and more.

Does your contribution introduce a new dependency? If yes, which one?

Any other comments?

Part of GSOC

PR checklist

For all contributions

• I've added myself to the list of contributors. Alternatively, you can use the @all-contributors bot to do this for you.
• The PR title starts with either [ENH], [MNT], [DOC], [BUG], [REF], [DEP] or [GOV] indicating whether the PR topic is related to enhancement, maintenance, documentation, bugs, refactoring, deprecation or governance.

For new estimators and functions

• I've added the estimator to the online API documentation.
• (OPTIONAL) I've added myself as a __maintainer__ at the top of relevant files and want to be contacted regarding its maintenance. Unmaintained files may be removed. This is for the full file, and you should not add yourself if you are just making minor changes or do not want to help maintain its contents.

For developers with write access

• (OPTIONAL) I've updated aeon's CODEOWNERS to receive notifications about future changes to these files.

[aeon-actions-bot]

Thank you for contributing to aeon

I did not find any labels to add based on the title. Please add the [ENH], [MNT], [BUG], [DOC], [REF], [DEP] and/or [GOV] tags to your pull requests titles. For now you can add the labels manually.

The Checks tab will show the status of our automated tests. You can click on individual test runs in the tab or "Details" in the panel below to see more information if there is a failure.

If our pre-commit code quality check fails, any trivial fixes will automatically be pushed to your PR unless it is a draft.

Don't hesitate to ask questions on the aeon Slack channel if you have any.

[MatthewMiddlehurst]

Thanks for the PR and best of luck on your GSoC project. Let us know if you need any help from our side.

[MatthewMiddlehurst]

By the look of things requires google/oss-fuzz#12053 first?

[PatriceJada]

@MatthewMiddlehurst No, this is its own separate thing

[MatthewMiddlehurst]

Looks fine, but have a few comments. The badge currently shows nothing, but I assume that will change when a report is uploaded?

[MatthewMiddlehurst]

LGTM. I think the pre-commit action does not like the force pushes, but not really relevant 🙂.