cti-python-stix2

Improve scorecard results

Open ejratl opened this issue 1 year ago • 0 comments

The OpenSSF Scorecard project scans GitHub repos for secure practices. It has given this project a 4. See the attached JSON document for the full rationale. It would be nice to improve this score over time.

bquxjob_58fe6f0e_182c73e5b54.json.txt

Easy-to-fix items include:

  • [ ] Making sure that there is always a review of a PR before committing it
  • [ ] Adding read-only access control to GitHub workflow actions
  • [ ] Work on a Best Practices Badge
  • [ ] Publish a security policy

ejratl, Aug 22 '22 20:08
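
The read-only access item in the checklist above concerns the `permissions:` key of a GitHub Actions workflow, which limits what the job's `GITHUB_TOKEN` may do. The following is an added example, not code from this issue or from the cti-python-stix2 project: a simplified line-based audit (not Scorecard's own logic) run over constructed workflow files; the function name `audit_workflow` and the sample workflows are assumptions.

```python
import re

def audit_workflow(text: str) -> list[str]:
    """Return findings about a workflow's top-level GITHUB_TOKEN permissions."""
    findings, found, in_block = [], False, False
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()        # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():                    # a top-level key
            in_block = False
            m = re.match(r"permissions:\s*(.*)$", line)
            if m:
                found = True
                value = m.group(1).strip()
                if value == "write-all":
                    findings.append("top-level permissions is write-all")
                in_block = value == ""               # scopes follow, indented
        elif in_block:                               # e.g. "  contents: read"
            m = re.match(r"\s+([\w-]+):\s*(\S+)", line)
            if m and m.group(2) == "write":
                findings.append(f"top-level scope '{m.group(1)}' is write")
    if not found:                                    # token gets the repo default
        findings.append("no top-level permissions block")
    return findings

# Constructed sample workflow with no permissions block (the weak form).
WEAK = """\
name: test
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: python -m pytest
"""

# Same workflow with a read-only top-level permissions block (the corrected form).
HARDENED = WEAK.replace("jobs:", "permissions:\n  contents: read\njobs:", 1)

if __name__ == "__main__":
    for name, wf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_workflow(wf) or "ok")
```

Job-level `permissions:` blocks are indented and therefore ignored by this check; a job that needs a write scope can declare it there while the top level stays read-only.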