Description
/kind user-story
Which area this user story is related to?
/area api
/area library
/area registry
/area alizer
/area devworkspace
/area registry-viewer
User Story
After the completion of #1298 we will need to add a Fine-grained PAT for our various repositories (may be possible to implement this on an organization level). This token will allow the OpenSSF scorecard to properly detect our branch protection rules and reflect that in the badge score.
During the implementation of the OpenSSF scorecards we left out the portion that included the Fine-grained PAT as it requires an owner to do so. The scorecard functions without that token but as stated above leaves out the branch protection score.
Each repository has a workflow file titled scorecard.yml; inside this file you will be able to find the commented instructions about the addition of this token. Example: https://github.com/devfile/library/blob/main/.github/workflows/scorecard.yml#L40
More information about the token and its implementation/setup can be found here:
https://github.com/marketplace/actions/ossf-scorecard-action#authentication-with-fine-grained-pat-optional
https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Acceptance Criteria
Step 1
- Create Fine-grained token
Step 2
This token will need to be added to the following repositories (either as a repo secret or, if possible, as an org secret) and referenced in the scorecard.yml workflow files for each repository.
- devfile/alizer
- devfile/api
- devfile/library
- devfile/registry-operator
- devfile/registry-support
- devfile/devfile-web
- devfile/devworkspace-operator
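One way to verify Step 2 across the repositories is to check that each scorecard.yml passes `repo_token` to the scorecard action from a secret, rather than leaving it commented out or pasting the token inline. This is an added example, not code from the devfile project; the secret name `SCORECARD_TOKEN`, the function names, and the workflow fragments are assumptions constructed for illustration.

```python
import re

# Constructed workflow fragment (not copied from any devfile repository).
COMMENTED = """\
      - name: Run analysis
        uses: ossf/scorecard-action@<pinned-sha>
        with:
          results_file: results.sarif
          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
          publish_results: true
"""
ENABLED = COMMENTED.replace("# repo_token", "repo_token")
# A token pasted into the file instead of a secret reference (constructed value).
HARDCODED = ENABLED.replace("${{ secrets.SCORECARD_TOKEN }}", "github_pat_CONSTRUCTED")

STEP_START = re.compile(r"^\s*-\s")
USES = re.compile(r"^\s*(-\s+)?uses:\s*ossf/scorecard-action@")
TOKEN = re.compile(r"^\s*(#\s*)?repo_token:\s*(.*?)\s*$")
SECRET = re.compile(r"^\$\{\{\s*secrets\.(\w+)\s*\}\}$")

def repo_token_status(workflow_text):
    """Return 'no-scorecard-step', 'missing', 'commented', 'literal' or 'secret:<NAME>'."""
    steps, current = [], []
    for line in workflow_text.splitlines():
        if STEP_START.match(line):      # a new "- ..." item starts a new step
            current = []
            steps.append(current)
        current.append(line)
    for step in steps:
        if not any(USES.match(line) for line in step):
            continue
        status = "missing"
        for line in step:
            m = TOKEN.match(line)
            if not m:
                continue
            if m.group(1):              # "# repo_token: ..." is still disabled
                status = "commented"
                continue
            secret = SECRET.match(m.group(2).strip("'\""))
            return f"secret:{secret.group(1)}" if secret else "literal"
        return status
    return "no-scorecard-step"

def audit(workflows):
    """Map repo -> status for every repo whose workflow does not use a secret."""
    results = {repo: repo_token_status(text) for repo, text in workflows.items()}
    return {repo: s for repo, s in results.items() if not s.startswith("secret:")}
```

A `literal` result means the token value itself is committed to the workflow file and should be treated as exposed.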