BUG: Branch-Protection scoring #3250

@gabibguti

Describe the bug
The Branch-Protection score should count 1 point for each setting you enable, of course, considering the Tiers. However, the scoring is wrong for the following cases:

  • Using non-admin token, when you reach tier 3 you have 8/10 and should be 7/10.
  • Using non-admin token, when you reach tier 3 you have 8/10. When enabling "Require review from code owners" you still get an 8/10.
  • Using admin token, when you reach tier 1 you have 4/10 and should be 3/10.
  • Using admin token, when you reach tier 2 and enable "Require at least 1 reviewer for approval before merging" you have 5/10. When enabling "For administrators: Require branch to be up to date before merging" you still get a 5/10.
  • Using admin token, when you reach tier 3 you have 8/10 and should be 7/10.
  • Using admin token, when you reach tier 3 you have 8/10. When enabling "Require at least 2 reviewers for approval before merging" you still get an 8/10.
  • Using admin token, when you reach tier 3 you have 8/10. When enabling "Require review from code owners" you still get an 8/10.

Reproduction steps

To reproduce, get a non-admin token, enable the branch protection settings until you reach Tier 2, run Scorecard with the non-admin token, and then do it again until you reach Tier 3 and compare the scores.
Same for admin-token, but comparing the Tiers 1, 2 and 3 scores.

Expected behavior

The Branch-Protection score should count 1 point for each setting you enable but considering the Tiers.

Additional context
#2772 (comment)
