Proposal
Hello! I'm Gabriela and Google hired me to help essential open-source projects improve their supply-chain security. My role is to reach out to projects like yours and see if I can offer my time and help to secure your project, since it’s considered critical to the open source ecosystem. I see joomla-cms already follows some security best practices, such as automated flows to update dependencies, and that's great!
To build on that, I’d like to suggest a tool called Scorecards. Scorecards’ goal is to make maintainers aware of possible supply-chain security issues. This includes keeping dependencies updated to protect against vulnerabilities and guaranteeing that binary files are not present in source code, since they are targets for attacks. Scorecards runs these automated security checks and reports the results to the repository's security dashboard. There are tips for remediating any issues, which I can also help with!
If you would like to add Scorecards, let me know! I can open a PR. If not, are there any other security efforts I can help you with?

Replies: 1 comment
Thank you for the offer; we will discuss it in the team and contact you.