
Feature: improve packaging #688

@laurentsimon

Description


Improvements:

  1. The Packaging check only looks for GH packaging workflows. This is not the only way to publish code. We should check for the presence of the package on language repos.
     Example:
     for npm: the package.json has a "repository" field, and metadata may be available from the npm API. Alternatively, we could look at the name in the repository's package.json, then check npm to see if that package exists.

  2. The check currently uses regex; we should switch to parsing properly.

  3. We're missing some of the registries in https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-rubygems-registry

  4. We're missing Go packages, see https://github.com/ossf/scorecard/blob/main/.github/workflows/goreleaser.yaml

  5. We're missing GitHub Marketplace actions.

  6. Update the Token-Permission workflow as well, as it also checks for the need of the packages permission.
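One way to implement the npm half of item 1, using a real JSON parser rather than a regex as item 2 asks for. This is an added example in Go, not Scorecard's own code or a proposal from the issue author. It assumes the npm registry metadata endpoint `https://registry.npmjs.org/<name>` answers 200 for a published package and 404 for an unknown one (scoped names have their `/` encoded as `%2F`); the names `publishedToNPM`, `normalizeGitHubRepo`, `registryURL` and `lookupFunc` are hypothetical, and the manifest in `main` is a constructed sample, not a real project.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
	"time"
)

// packageJSON holds the manifest fields the check needs. "repository" stays raw
// because npm allows either a string or an object there.
type packageJSON struct {
	Name       string          `json:"name"`
	Private    bool            `json:"private"`
	Repository json.RawMessage `json:"repository"`
}

// parsePackageJSON decodes the manifest with encoding/json instead of a regex,
// so quoting, nesting and field order cannot fool the check.
func parsePackageJSON(data []byte) (packageJSON, error) {
	var p packageJSON
	if err := json.Unmarshal(data, &p); err != nil {
		return p, fmt.Errorf("package.json: %w", err)
	}
	if p.Name == "" {
		return p, errors.New("package.json: missing \"name\"")
	}
	return p, nil
}

// repositoryRef returns the repository reference from either the string form
// ("owner/repo") or the object form ({"type":"git","url":"..."}).
func (p packageJSON) repositoryRef() (string, error) {
	if len(p.Repository) == 0 {
		return "", errors.New("package.json: missing \"repository\"")
	}
	var s string
	if err := json.Unmarshal(p.Repository, &s); err == nil {
		return s, nil
	}
	var obj struct {
		URL string `json:"url"`
	}
	if err := json.Unmarshal(p.Repository, &obj); err != nil || obj.URL == "" {
		return "", errors.New("package.json: unrecognised \"repository\" value")
	}
	return obj.URL, nil
}

// normalizeGitHubRepo reduces the spellings npm accepts for a GitHub repository
// (shorthand "owner/repo", "github:owner/repo", git+https URLs, ssh URLs) to
// lower-case "owner/repo". ok is false when the reference is not on github.com.
func normalizeGitHubRepo(ref string) (string, bool) {
	ref = strings.TrimPrefix(strings.TrimPrefix(strings.TrimSpace(ref), "git+"), "github:")
	if strings.HasPrefix(ref, "git@github.com:") { // ssh form
		ref = "https://github.com/" + strings.TrimPrefix(ref, "git@github.com:")
	}
	path := ref
	if strings.Contains(ref, "://") {
		u, err := url.Parse(ref)
		if err != nil || !strings.EqualFold(u.Hostname(), "github.com") {
			return "", false
		}
		path = u.Path
	} else if strings.Contains(ref, ":") { // e.g. "gitlab:owner/repo" shorthand
		return "", false
	}
	path = strings.TrimSuffix(strings.Trim(path, "/"), ".git")
	parts := strings.Split(path, "/")
	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
		return "", false
	}
	return strings.ToLower(parts[0] + "/" + parts[1]), true
}

// registryURL builds the npm registry metadata endpoint for a package name.
// Scoped names (@scope/name) must have their "/" encoded as %2F.
func registryURL(name string) string {
	return "https://registry.npmjs.org/" + strings.Replace(name, "/", "%2F", 1)
}

// lookupFunc abstracts the registry request so the check can run offline in tests.
type lookupFunc func(u string) (int, error)

// httpLookup is the real request: a GET against the registry returning the status code.
func httpLookup(u string) (int, error) {
	client := &http.Client{Timeout: 10 * time.Second}
	resp, err := client.Get(u)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

// publishedToNPM reports whether the manifest names a package that exists on npm
// and whose "repository" field points back at owner/repo. Both are required: a
// registry hit alone could be an unrelated package that shares the name.
func publishedToNPM(manifest []byte, owner, repo string, lookup lookupFunc) (bool, string, error) {
	p, err := parsePackageJSON(manifest)
	if err != nil {
		return false, "", err
	}
	if p.Private { // npm refuses to publish a private package
		return false, "package is marked private", nil
	}
	ref, err := p.repositoryRef()
	if err != nil {
		return false, "", err
	}
	want := strings.ToLower(owner + "/" + repo)
	if got, ok := normalizeGitHubRepo(ref); !ok || got != want {
		return false, fmt.Sprintf("repository field %q does not point at %s", ref, want), nil
	}
	status, err := lookup(registryURL(p.Name))
	if err != nil {
		return false, "", err
	}
	switch status {
	case http.StatusOK:
		return true, fmt.Sprintf("%s is on npm and links back to %s", p.Name, want), nil
	case http.StatusNotFound:
		return false, fmt.Sprintf("%s is not on the npm registry", p.Name), nil
	default:
		return false, "", fmt.Errorf("registry returned HTTP %d for %s", status, p.Name)
	}
}

func main() {
	// Constructed sample manifest and an offline stand-in for the registry.
	manifest := []byte(`{"name":"@example/widget","version":"1.2.3",
	  "repository":{"type":"git","url":"git+https://github.com/Example/widget.git"}}`)
	fake := func(u string) (int, error) {
		if u == "https://registry.npmjs.org/@example%2Fwidget" {
			return http.StatusOK, nil
		}
		return http.StatusNotFound, nil
	}
	fmt.Println(publishedToNPM(manifest, "example", "widget", fake))
	_ = httpLookup // swap in for fake to query the real registry
}
```

The repository field is self-asserted by whoever published the package, so a match shows the manifest and the registry agree, not that the repository owner controls the npm name; the registry's own metadata (its `repository` and `gitHead` fields, which the issue mentions) would be the next thing to cross-check.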
