
Dependency pinning enhancement

Open laurentsimon opened this issue 4 years ago • 2 comments

The Pinning-Dep checks for known file names for various languages. However, as soon as it finds one, it returns success. Some repos may contain more than one language; the Tink crypto library is an example, and protobuf is another.

We could use the language APIs to automatically detect the languages used, and validate that the filenames we find correspond to the languages used. We need not check all languages, but only the prominent ones used in the repo.

Note that the language API does not give us the folders that contain the code. So an alternative approach may be to list all files, count their LoC ourselves instead.

This will allow scorecard to report what languages we tested the repo for and which folders passed the tests. We may report a score that is the percentage of lines of code 'pinned' over the number of lines non 'pinned'. Running scorecard on envoy currently fails to detect the following files since we only check for files in the root folder.

name ci/flaky_test/requirements.txt
name configs/requirements.txt
name docs/requirements.txt
name examples/grpc-bridge/client/requirements.txt
name source/common/common/compiler_requirements.h
name source/extensions/filters/network/kafka/requirements.txt
name test/extensions/filters/network/thrift_proxy/requirements.txt
name tools/code_format/requirements.txt
name tools/config_validation/requirements.txt
name tools/dependency/requirements.txt
name tools/deprecate_features/requirements.txt
name tools/deprecate_version/requirements.txt
name tools/envoy_headersplit/requirements.txt
name tools/github/requirements.txt
name tools/protodoc/requirements.txt
name tools/testing/requirements.txt

This suggests that long-term, it would be useful to have a comprehensive config file for each repo.

Related to #404 #403

laurentsimon, Apr 30 '21 23:04
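The recursive scan proposed in the issue, as an added example rather than scorecard's own code: it walks a whole tree instead of only the root, matches dependency files by exact basename (so a C header such as `compiler_requirements.h` from the envoy listing above is not picked up by a loose "requirements" substring match), classifies each requirement line as pinned or floating, and reports the pinned percentage across every file found. The "pinned" criterion used here (an exact `==` version specifier) is an assumption for illustration and is not necessarily scorecard's rule; the sample repository it builds in a temp directory is constructed for the demo, and the function names (`ScanRepo`, `Score`, `BuildSampleRepo`) are hypothetical.

```go
package main

import (
	"bufio"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// FileResult holds the pin counts for one dependency file.
type FileResult struct {
	Path     string // path relative to the repo root, slash-separated
	Pinned   int    // requirement lines with an exact version (assumed criterion: "name==version")
	Unpinned int    // requirement lines that float (no specifier, >=, ~=, ...)
}

// pinnedRe matches "pkg==1.2.3" and "pkg[extra]==1.2.3". Assumed criterion for the demo;
// a stricter policy would additionally require --hash=... on every line.
var pinnedRe = regexp.MustCompile(`^[A-Za-z0-9_.\-\[\]]+\s*==\s*\S+`)

// classifyLine reports whether a logical line is a requirement and, if so, whether it is pinned.
// Blank lines, comments and pip options (-r, -e, --index-url, ...) are not requirements.
func classifyLine(line string) (isReq, isPinned bool) {
	line = strings.TrimSpace(line)
	if line == "" || strings.HasPrefix(line, "#") || strings.HasPrefix(line, "-") {
		return false, false
	}
	if i := strings.Index(line, " #"); i >= 0 { // strip trailing inline comment
		line = strings.TrimSpace(line[:i])
	}
	return true, pinnedRe.MatchString(line)
}

// scanFile counts pinned and unpinned requirements in one file, joining "\" continuations.
func scanFile(path string) (FileResult, error) {
	f, err := os.Open(path)
	if err != nil {
		return FileResult{}, err
	}
	defer f.Close()
	var res FileResult
	var logical string
	sc := bufio.NewScanner(f)
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if strings.HasSuffix(line, `\`) { // continuation: accumulate into one logical line
			logical += strings.TrimSuffix(line, `\`) + " "
			continue
		}
		logical += line
		isReq, isPinned := classifyLine(logical)
		logical = ""
		if !isReq {
			continue
		}
		if isPinned {
			res.Pinned++
		} else {
			res.Unpinned++
		}
	}
	return res, sc.Err()
}

// ScanRepo walks the whole tree (not just the root) and scans every file whose basename
// ends in "requirements.txt"; .git and node_modules are skipped.
func ScanRepo(root string) ([]FileResult, error) {
	var results []FileResult
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.IsDir() {
			if d.Name() == ".git" || d.Name() == "node_modules" {
				return filepath.SkipDir
			}
			return nil
		}
		if !strings.HasSuffix(d.Name(), "requirements.txt") {
			return nil // exact basename suffix: compiler_requirements.h is ignored
		}
		r, err := scanFile(path)
		if err != nil {
			return err
		}
		rel, _ := filepath.Rel(root, path)
		r.Path = filepath.ToSlash(rel)
		results = append(results, r)
		return nil
	})
	return results, err
}

// Score returns the percentage of requirement lines that are pinned across all files.
// With no requirement lines at all there is nothing unpinned, so the score is 100.
func Score(results []FileResult) float64 {
	pinned, total := 0, 0
	for _, r := range results {
		pinned += r.Pinned
		total += r.Pinned + r.Unpinned
	}
	if total == 0 {
		return 100
	}
	return 100 * float64(pinned) / float64(total)
}

// BuildSampleRepo writes a constructed tree (sample data, not a real repo) echoing the
// envoy layout from the issue: nested requirements files plus a decoy C header.
func BuildSampleRepo() (string, error) {
	root, err := os.MkdirTemp("", "pindemo")
	if err != nil {
		return "", err
	}
	files := map[string]string{
		"requirements.txt":              "requests==2.25.1\nflask>=1.0\n",
		"docs/requirements.txt":         "sphinx==3.5.4  # docs build\nmyst-parser\n",
		"tools/github/requirements.txt": "-r ../../requirements.txt\nPyGithub==1.55\n",
		"source/common/common/compiler_requirements.h": "#pragma once\n",
	}
	for rel, body := range files {
		full := filepath.Join(root, filepath.FromSlash(rel))
		if err := os.MkdirAll(filepath.Dir(full), 0o755); err != nil {
			return "", err
		}
		if err := os.WriteFile(full, []byte(body), 0o644); err != nil {
			return "", err
		}
	}
	return root, nil
}

func main() {
	root, err := BuildSampleRepo()
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	results, err := ScanRepo(root)
	if err != nil {
		panic(err)
	}
	for _, r := range results {
		fmt.Printf("%-32s pinned=%d unpinned=%d\n", r.Path, r.Pinned, r.Unpinned)
	}
	fmt.Printf("pinned score: %.1f%%\n", Score(results))
}
```

On the constructed tree the three requirements files yield 3 pinned lines out of 5, i.e. a 60% score, and the `.h` decoy is never opened. Reporting per-file counts alongside the aggregate is what lets the check say which folders were tested and which passed, as the issue asks.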