chore(ci): introduces OSSF Scorecard

[heitorlessa]

Issue number: #2203

Summary

Introduces Open-source Security Foundation Scorecard checks.

It also gives us a score that we can publish as a GitHub Badge later. At first, it'll complain about our lack of provenance (SLSA) and binary signing - these are depending GitHub investigation to ensure published release notes don't disappear with git tags being created from our release workflow.

Changes

Please provide a summary of what's being changed

• New workflow to run every day at 9am to post security alerts if any

User experience

Please share what the user experience looks like before and after this change

OSSF Scorecard should create new security alerts that could affect supply chain here: https://github.com/aws-powertools/powertools-lambda-python/security

Checklist

If your change doesn't seem to apply, please leave them unchecked.

• Meet tenets criteria
• I have performed a self-review of this change
• Changes have been tested
• Changes are documented
• PR title follows conventional commit semantics

Is this a breaking change?

RFC issue number:

Checklist:

• Migration process documented
• Implement warnings (if it can live side by side)

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.

[leandrodamascena]

@heitorlessa just a comment before merge.

[leandrodamascena]

APPROVED!

[leandrodamascena]

LGTM!