Roll out OSSF scorecard workflow to all repositories

[trask]

For an example of the report that this generates, see https://scorecard.dev/viewer/?uri=github.com/open-telemetry/opentelemetry-java-instrumentation

We are planning to use the scorecard report on Wednesday of this week to help drive a Security Slam event at KubeCon where participants can help to burn down our security backlog.

Note: this is using an automation mechanism similar to #2574 in order to send PRs to add these workflows to all repositories.