⚠️ Remove OneFuzz from fuzzing checks

[DavidKorczynski]

This is removed because OneFuzz has been archived https://github.com/microsoft/onefuzz

Note that OneFuzz is not deprecated but development of it in the open source has stopped. In that sense I think it's a position statement from Scorecard: the project can still be used for fuzzing but is no longer maintained, should it be recommended as a fuzzing set up or considered in the scoring process?

I set this as a breaking feature since it's removing a probe, but am not sure if this should be considered breaking as such.

What kind of change does this PR introduce?

(Is it a bug fix, feature, docs update, something else?)

• PR title follows the guidelines defined in our pull request documentation

What is the current behavior?

OneFuzz is recommended as a continuous fuzzing solution.

What is the new behavior (if this is a feature change)?**

OneFuzz is not considered when recommending fuzzing.

• Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

Fixes: #3662

Special notes for your reviewer

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to
the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

[codecov]

Codecov Report

Merging #3666 (12a5dad) into main (934f170) will decrease coverage by 5.59%.
The diff coverage is n/a.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3666      +/-   ##
==========================================
- Coverage   76.06%   70.48%   -5.59%     
==========================================
  Files         206      205       -1     
  Lines       14065    14032      -33     
==========================================
- Hits        10699     9890     -809     
- Misses       2733     3567     +834     
+ Partials      633      575      -58     

[spencerschrock]

Note that OneFuzz is not deprecated but development of it in the open source has stopped. In that sense I think it's a position statement from Scorecard: the project can still be used for fuzzing but is no longer maintained, should it be recommended as a fuzzing set up or considered in the scoring process?

So previously we did something similar for Sonatype Lift (#3605), which was a managed service. When it was shutdown, the tool no longer worked. I'm curious if being self-hosted changes how we handle this in the future. For anyone currently using OneFuzz, they would continue to benefit from it since it's self-hosted.

From some quick searching, there don't seem to be any public repos which use this on GitHub so I don't think we have an issue here. Eventually we'll run into the issue of a deprecated probe that we still want to score, but don't want to recommend.