#1830 update scorecard to v5 (gh action 2.4.0)

[planetf1]

• Updates to use scorecard v5
• re-pinned actions in scorecard.yaml to latest levels
• fixed report of unpinned dependencies in unix.yml
• enabled publishing of scorecard results

Note: Results are published by the openssf team at https://scorecard.dev/viewer/?uri=github.com%2Fopen-quantum-safe%2Fliboqs Enabling our own scan is recommended by openssf, allows us to enable badges, and permits some tweaking of rules The current scan results are here

Fixes #1830

n/a

• [ ] Does this PR change the input/output behaviour of a cryptographic algorithm (i.e., does it change known answer test values)? (If so, a version bump will be required from x.y.z to x.(y+1).0.)
• [ ] Does this PR change the list of algorithms available -- either adding, removing, or renaming? Does this PR otherwise change an API? (If so, PRs in fully supported downstream projects dependent on these, i.e., oqs-provider will also need to be ready for review and merge by the time this is merged.)

No change to crypto. This is build pipeline only.