OpenSSF Security Scorecards are great for determining any potential
supply chain security concerns in repositories that are used to develop
packages you depend on.

However, not everyone will rely upon the scorecards data being available
in the public API, but will instead fetch the data themselves through
the `scorecard` CLI.

To make it easier to work with this data, we can add an `import
scorecard` subcommand which will take the Scorecard report and import it
into the DB.

This requires we:

- Create a `Parser` to parse the resulting JSON
- Retrieve the `repo.name` out of the JSON
- Look up that repo URL in Ecosystems' lookup API, if possible
- Import the data at the relevant package name/package manager
  combinations
- Limit concurrency of requests to Ecosystems due to #459
- Re-use `securityScorecardsResult#Copy` for brevity
- Duplicate `purlToPackageName` to make sure we correctly store package
  names

Closes #474.