chore: define scorecard workflow

[mmorel-35]

📑 Summary

Create a ascorecard workflow. It also provide the associated badge to provide public information about the conformity with OpenSSF best practices concerning security.

This PR also fixes the "Pinned dependencies" issues with github-actions.

This was done with the help of https://app.stepsecurity.io/secureworkflow

📏 Design Decisions

Describe the way your implementation works or what design decisions you made if applicable.

📋 Tasks

Make sure you

• 📖 have read the contribution guidelines
• 💻 have added necessary unit/e2e tests.
• 📓 have added documentation. Make sure MERMAID_RELEASE_VERSION is used for all new features.
• 🦋 If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running pnpm changeset and following the prompts. Changesets that add features should be minor and those that fix bugs should be patch. Please prefix changeset messages with feat:, fix:, or chore:.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 83ee06e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[netlify]

✅ Deploy Preview for mermaid-js ready!

Name	Link
🔨 Latest commit	83ee06e
🔍 Latest deploy log	https://app.netlify.com/sites/mermaid-js/deploys/66c9b1878c5d040008442b77
😎 Deploy Preview	https://deploy-preview-5764--mermaid-js.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 5.21%. Comparing base (534d3dd) to head (83ee06e).
Report is 2 commits behind head on develop.

Additional details and impacted files

@@            Coverage Diff             @@
##           develop   #5764      +/-   ##
==========================================
- Coverage     5.21%   5.21%   -0.01%     
==========================================
  Files          322     323       +1     
  Lines        46083   46094      +11     
  Branches       561     536      -25     
==========================================
  Hits          2402    2402              
- Misses       43681   43692      +11     

Flag	Coverage Δ
unit	5.21% <ø> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 1 file with indirect coverage changes

[argos-ci]

The latest updates on your projects. Learn more about Argos notifications ↗︎

Build	Status	Details	Updated (UTC)
default (Inspect)	👍 Changes approved	1 changed	Aug 24, 2024, 10:24 AM

[mmorel-35]

@sidharthv96 ,
I'm going to rebase after #5765 is merged