
Add a pipeline to pull the OSSF Scorecard visualizer

Open UlisesGascon opened this issue 2 weeks ago • 1 comments

Motivation

We want to host the official Scorecard Visualizer under the official Scorecard domain. This PR enables the existing Scorecard Viewer and the Visualizer to coexist in the same space while we plan the next steps (unification, deprecation, redirects, etc.).

Main Changes

  • Introduces a new GitHub Actions pipeline that automatically fetches the latest version of the
    OSSF Scorecard Visualizer, builds it, and opens a PR updating the static folder.
  • The Visualizer is now available at:
    https://scorecard.dev/scorecard-visualizer/#/projects/github.com/ossf/scorecard-visualizer
  • You can see a working preview (generated via PR #902) here:
    https://deploy-preview-902--ossf-scorecard.netlify.app/scorecard-visualizer/#/projects/github.com/ossf/scorecard-visualizer
  • The original Visualizer remains unchanged and still works at:
    https://ossf.github.io/scorecard-visualizer/#/projects/github.com/ossf/scorecard-visualizer

A sample of an auto-generated update PR can be seen here (from my fork):
https://github.com/UlisesGascon/scorecard-webapp/pull/5

Screenshots

image

How the Update Process Works

A scheduled GitHub Action checks daily (and can be run manually) to detect if the Visualizer project has new changes.

  1. The workflow reads the last synced commit SHA from .last_commit.
  2. It fetches the latest commit SHA from ossf/scorecard-visualizer@main, as we don't do releases.
  3. If both SHAs match → no update is performed.
  4. If they differ →
    • The Visualizer repo is cloned
    • Dependencies are installed
    • A production build is generated
    • The output is copied into scorecards-site/static/scorecard-visualizer/
    • The .last_commit file is updated
    • The changes are committed to branch deps/upgrade-visualizer
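
The sync described above, as an added shell example (not the workflow from this PR): it reads .last_commit, resolves the tip of main with git ls-remote, validates the SHA before using it anywhere, and checks out exactly that SHA so the recorded commit always matches what was built. The build commands, the dist/ output directory and the variable names are assumptions.

```shell
#!/bin/sh
# Added example, not the scorecard-webapp workflow: sync the visualizer build
# into the static folder, pinned to the exact commit that gets recorded.
set -eu
VIS_REPO="${VIS_REPO:-https://github.com/ossf/scorecard-visualizer.git}"
LAST_COMMIT_FILE="${LAST_COMMIT_FILE:-.last_commit}"
DEST_DIR="${DEST_DIR:-scorecards-site/static/scorecard-visualizer}"

# A commit SHA is exactly 40 lowercase hex characters; anything else is rejected
# so a malformed .last_commit or ls-remote result is never interpolated into
# git commands or the PR description.
is_valid_sha() {
  case "$1" in
    *[!0-9a-f]*) return 1 ;;
    *) [ "${#1}" -eq 40 ] ;;
  esac
}

# Resolve the tip of refs/heads/main on a remote (or local path) without cloning.
latest_remote_sha() {
  git ls-remote "$1" refs/heads/main | cut -f1
}

# Exit status 0 when the recorded SHA differs from the latest one (sync needed).
sync_needed() {
  [ "$1" != "$2" ]
}

sync_visualizer() {
  last=$(cat "$LAST_COMMIT_FILE" 2>/dev/null || echo "")
  latest=$(latest_remote_sha "$VIS_REPO")
  is_valid_sha "$latest" || { echo "bad SHA from remote: $latest" >&2; return 1; }
  if ! sync_needed "$last" "$latest"; then
    echo "up to date at $latest"; return 0
  fi
  work=$(mktemp -d)
  # Check out the SHA that was resolved, not whatever main points at by now,
  # so the recorded commit and the built artefacts cannot drift apart.
  git clone --quiet "$VIS_REPO" "$work/src"
  git -C "$work/src" checkout --quiet "$latest"
  (cd "$work/src" && npm ci && npm run build)   # build commands assumed
  rm -rf "$DEST_DIR" && mkdir -p "$DEST_DIR"
  cp -R "$work/src/dist/." "$DEST_DIR/"          # output directory assumed
  printf '%s\n' "$latest" > "$LAST_COMMIT_FILE"
  git checkout -B deps/upgrade-visualizer
  git add "$DEST_DIR" "$LAST_COMMIT_FILE"
  git commit -m "chore: update visualizer to $latest"
}

if [ "${1:-}" = "sync" ]; then sync_visualizer; fi
```

Running the script as `sh sync.sh sync` performs the update; with no argument it only defines the functions, which is how a workflow step can source it.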

PR Behavior

The workflow safely handles all scenarios:

PR already open

  • The existing deps/upgrade-visualizer branch is updated (force-with-lease)
  • The PR automatically reflects the new build
  • No new PR is created

PR merged

  • A new branch is created
  • A brand-new PR is opened for the next update

PR closed without merging

  • The workflow creates a new PR the next time updates are detected

No changes detected

  • The workflow exits early
  • No build, commit, or PR action occurs

Note: In the PR description we have this information:

This update includes changes from commit:  
**`${{ steps.latest.outputs.sha }}`**  
https://github.com/ossf/scorecard-visualizer/commit/${{ steps.latest.outputs.sha }}

Context

  • Closes #902

UlisesGascon avatar Nov 15 '25 17:11 UlisesGascon

Deploy Preview for ossf-scorecard ready!

| Name | Link |
| --- | --- |
| Latest commit | c282caf166048f1a559212c9b2c8d6ddf792a3b7 |
| Latest deploy log | https://app.netlify.com/projects/ossf-scorecard/deploys/6918c16efd26ae0008368816 |
| Deploy Preview | https://deploy-preview-901--ossf-scorecard.netlify.app |

netlify[bot] avatar Nov 15 '25 17:11 netlify[bot]