ossf/scorecard

Revisit scoring for Security Policy check

justaugustus opened this issue · 1 comment

Tagging a few different groups for review here, as the new standard for OpenSSF Scorecard subproject security policies should be something along the lines of:

This project adheres to the OpenSSF Scorecard security policy.

(to minimize drift across the project)

Ironically, this may cause subprojects to only score a 9/10 for Security-Policy based on the last point being awarded for certain terms. (Personally I find that scoring a little too picky, but that's how it is currently.)

Originally posted by @spencerschrock in #4212 (comment)

This issue has been marked stale because it has been open for 60 days with no activity.