sudo-bmitch
Contributor

Fixes issue

Scorecard continues to generate false alerts.

Describe the change

Remove OpenSSF scorecard checks and best practices badge. Scorecard is generating false alerts for things the upstream project will not fix, including:

  • It reports many pages of results for pinned dependencies in the Dockerfile that are actually pinned.
  • Signed artifacts that are not shipped with the expected filename are considered unsigned.
  • My own dependency update tool is unknown to their project and they do not scan for whether the dependencies are currently being updated.
  • The SAST scans from gosec, osv-scanner, and govulncheck that are done in the Makefile are not detected.
  • The best practices badge will never be complete since the project does not generate RC releases (instead, GHA outputs artifacts, and docker images are also provided with an edge tag for every merged PR). This project also does not have a test policy that is verified for every PR, depending instead on manual PR reviews.

Related scorecard issues include:

How to verify it

The badges and GHA will no longer appear on the project. Previous false security alerts will be manually closed as invalid.

Changelog text

  • Chore: Remove OpenSSF scorecard and best practices.

Please verify and check that the pull request fulfills the following requirements

  • Tests have been added or not applicable
  • Documentation has been added, updated, or not applicable
  • Changes have been rebased to main
  • Multiple commits to the same code have been squashed
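The first bullet above is about scorecard flagging Dockerfile base images that are in fact pinned by digest. The script below is an added example, not regclient's code, of the check a maintainer can run locally: it walks every FROM instruction, ignores build-stage references and scratch, and fails only when an external image is referenced by a mutable tag without an @sha256 digest. The two sample Dockerfiles and their all-zero / all-one digests are constructed placeholders, not real images.

```shell
#!/bin/sh
# Added example: verify that every external base image in a Dockerfile is
# pinned to a content digest. Not part of regclient; sample inputs are constructed.

# Write two constructed sample Dockerfiles into the directory given as $1.
write_samples() {
  dir="$1"
  # Every external image pinned by digest; later stages reference earlier ones.
  # The digests are obviously fake placeholders.
  cat > "$dir/Dockerfile.pinned" <<'EOF'
ARG BUILDPLATFORM
FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.22-alpine@sha256:0000000000000000000000000000000000000000000000000000000000000000 AS build
RUN go build -o /app ./cmd/app
FROM docker.io/library/alpine:3.20@sha256:1111111111111111111111111111111111111111111111111111111111111111 AS release
COPY --from=build /app /app
FROM build AS test
RUN go test ./...
FROM scratch
COPY --from=release /app /app
EOF
  # A tag-only base image: mutable, so it should be flagged.
  cat > "$dir/Dockerfile.unpinned" <<'EOF'
FROM alpine:3.20
RUN apk add --no-cache ca-certificates
EOF
}

# check_pinned <Dockerfile>
# Exit 0 when every FROM that pulls an external image carries an @sha256 digest,
# exit 1 (and print the offending lines) otherwise.
check_pinned() {
  awk '
    toupper($1) == "FROM" {
      img = $2
      # Skip an option such as --platform=... that precedes the image reference.
      if (img ~ /^--/) img = $3
      # Remember stage names so "FROM <stage>" lines are not treated as pulls.
      for (i = 1; i <= NF; i++) if (toupper($i) == "AS") stages[$(i+1)] = 1
      # Build stages and scratch have nothing to pin.
      if (img in stages || img == "scratch") next
      if (img !~ /@sha256:[0-9a-f]+$/) { print "unpinned: " $0; bad++ }
    }
    END { if (bad > 0) exit 1; exit 0 }
  ' "$1"
}

# Stand-alone demo: one file that passes and one that is flagged.
main() {
  tmp=$(mktemp -d)
  write_samples "$tmp"
  check_pinned "$tmp/Dockerfile.pinned" && echo "Dockerfile.pinned: all base images pinned"
  check_pinned "$tmp/Dockerfile.unpinned" || echo "Dockerfile.unpinned: unpinned base image found (expected)"
  rm -rf "$tmp"
}

main
```

Running it prints one pass line for the pinned file and the flagged `FROM alpine:3.20` line for the other; the digest regex only checks that a digest reference is present, since a wrong digest is rejected by the registry at pull time anyway.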

Scorecard is generating false alerts for things the upstream project will not fix.

Signed-off-by: Brandon Mitchell <git@bmitch.net>
@sudo-bmitch sudo-bmitch merged commit 4ee3dce into regclient:main Oct 5, 2024
5 checks passed
@sudo-bmitch sudo-bmitch deleted the pr-remove-scorecard branch October 5, 2024 16:01