Add the OpenSSF Scorecard Github Action

[joycebrum]

Hello, I am Joyce and I'm working on behalf of Google and the OpenSSF to improve the supply-chain security of essential open-source projects. The OpenSSF is a non-profit foundation dedicated to improving the security of the open-source community. It counts GitHub as a founding member.

The Scorecard system combines [dozens of automated checks to let maintainers better understand their project's supply-chain security posture. It is developed by the OpenSSF, with direct support from GitHub.

The OpenSSF has also developed the Scorecard GitHub Action, which adds the results of its checks to the project's security dashboard, as well as suggestions on how to solve any issues (see examples below). This Action has been adopted by 1600+ projects already.

Cosidering that the docker-compose is widely used by users and companies, it is intersting to consider adopt to Scorecard Github Action to increase the security of the repository and garantee that the project is safe from malicious sabotage.

Would you be interested in a PR which adds this Action? Optionally, it can also publish your results to the OpenSSF REST API, which allows a badge with the project's score to be added to its README.