
scorecard: publish results & run weekly

Open planetf1 opened this issue 1 year ago • 1 comment

When scorecard support was added, it was agreed to run it in the PR and not publish results.

We now need to

  • publish the results to openssf
  • run the checks periodically (weekly is the default example from openssf)
  • remove the PR execution
  • add the openssf badge to the repo/dashboard

Follow-on to #1706

planetf1 avatar Jul 01 '24 09:07 planetf1
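Added example, not the liboqs project's own workflow: a GitHub Actions workflow that does the items listed above in one place. It runs Scorecard on a weekly schedule instead of on pull requests, publishes the results to OpenSSF (`publish_results: true`, which needs `id-token: write` so the action can obtain an OIDC token, and only takes effect on the default branch of a public repo), and uploads the SARIF to the repo's code-scanning dashboard. The cron expression, the `main` branch name, the action version tags and the `OWNER/REPO` placeholder in the badge URL below are assumptions.

```yaml
# Added example (not the liboqs project's own workflow): scheduled OpenSSF
# Scorecard run that publishes results. Branch name, cron and action versions
# are assumptions; adjust to the repository.
name: Scorecard supply-chain security

on:
  # Weekly run, following the upstream OpenSSF example; no pull_request
  # trigger, so the PR execution is gone.
  schedule:
    - cron: '30 1 * * 6'
  # Optional: also refresh the score whenever the default branch changes.
  push:
    branches: [ main ]
  workflow_dispatch:

# Default to read-only; write scopes are granted per job below.
permissions: read-all

jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    permissions:
      # Required to upload the SARIF file to the code-scanning dashboard.
      security-events: write
      # Required for publish_results: the action authenticates to
      # securityscorecards.dev with a GitHub OIDC token.
      id-token: write
      contents: read
      actions: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Do not leave the GITHUB_TOKEN in the checkout's git config.
          persist-credentials: false

      - name: Run analysis
        uses: ossf/scorecard-action@v2.4.0
        with:
          results_file: results.sarif
          results_format: sarif
          # Publishing is what makes the public score and the badge
          # available; it is ignored on pull_request events and on
          # non-default branches.
          publish_results: true

      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5

      - name: Upload to code-scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
```

Once a published run has completed, the badge for the README or dashboard is `[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/OWNER/REPO/badge)](https://securityscorecards.dev/viewer/?uri=github.com/OWNER/REPO)`, with `OWNER/REPO` replaced by the real path. Two practical caveats: the action versions above are written as tags for readability, but Scorecard's own Pinned-Dependencies check scores higher when `uses:` lines are pinned to a full commit SHA; and because only the scheduled or push runs publish, a repository that keeps a `pull_request` trigger will still see the public score go stale between default-branch runs.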

Well, didn't we want to publish result score(s) when they are satisfactory, no?

So, what is a "good/satisfactory score"? What would be needed to achieve it? When and by whom is this worked on? Should this be a(n earlier) line item in the list above?

So, in order to get some answers to these questions, here are some "score card" results of pretty relevant projects, e.g., openssl has 6.6, nginx has 4.8, and kubernetes has 7.4.

So liboqs with 8.1 "beats" all of them: a project with a razor-thin support base has a higher score than some of the most important and most well-maintained projects on GH... Am I the only one that is a bit surprised now?

In consequence, I think you can discard this comment, @planetf1 . I just post it for posterity (and anyone else wondering) after having gone through this review. Looking at the above, I'm not sure this issue should be high on any work priority list, though.

baentsch avatar Jul 08 '24 16:07 baentsch