Add scorecards support for Chainloop

[migmartri]

Add support for a new material type that contains the result of running OSSF Scorecard

For example, this action does 3 things

• analyze the repository
• sends the result upstream to scorecards service.
• creates an output sarif file that it's uploaded to GitHub security advisory and as an artifact.

We should be able to take that file and send it to Chainloop as OSSF_SCORECARD material type.

[migmartri]

This is an example of a SARIF file generated by the scorecard action / CLI, that we could validate, upload and attach as a regular SARIF file, potentially.

SARIF file.zip