Also run the scorecard workflow in PR's.

.github/workflows/scorecard-analysis.yml

@@ -7,6 +7,9 @@ on:
     - main
     paths:
     - .github/workflows/scorecard-analysis.yml
+  pull_request:
+    branches:
+    - main
 
 permissions: read-all
 
@@ -29,9 +32,10 @@ jobs:
         with:
           results_file: results.sarif
           results_format: sarif
-          publish_results: true
+          publish_results: ${{ github.event_name != 'pull_request' }}
 
       - name: Upload to code-scanning
+        if: github.event_name != 'pull_request'
         uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 #4.35.2
         with:
           sarif_file: results.sarif