Similar to #92 and as suggested in golang/go#68316 is the ability to surface when a package is not officially surfaced as deprecated, but the package's source repository itself is archived, which is a strong indication that the package is no longer maintained.
I've been calculating this metadata using https://ecosyste.ms up until now, but this would also be of worth to surface inside deps.dev too.
We - for the most part - already have this indication for a given package through our OpenSSF Security Scorecards, for instance on https://deps.dev/go/github.com%2Fgolang%2Fmock we see that we pull Scorecard data which can be separately retrieved from the API:
```
curl 'https://api.deps.dev/v3/projects/github.com%2Fgolang%2Fmock'
{
  "date": "2024-06-10T00:00:00Z",
  # ...
  {
    "name": "Maintained",
    "documentation": {
      "shortDescription": "Determines if the project is \"actively maintained\".",
      "url": "https://github.com/ossf/scorecard/blob/6d8f701a9d42e9249ac497542886b45abeff09d9/docs/checks.md#maintained"
    },
    "score": 0,
    "reason": "project is archived",
    "details": [
      "Warn: Repository is archived."
    ]
  },
  # ...
```
However, we'd probably need to add some additional handling to either:

- work out if the `Maintained` score is due to the project being archived vs just not having any updates in the last 90 days
- perform the "is archived" check in deps.dev's codebase itself

And then surface this data into the API as a new field `is_source_repo_archived` (or similar)
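The first option above, sketched as an added example that is not part of the original issue or of deps.dev's code: it derives an archived flag from the `Maintained` check and keeps "no Scorecard data" separate from "not archived". The `scorecard` and `checks` wrapper keys, the `ArchiveStatus` name and both sample payloads are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample modelled on the response quoted in the issue. The
// "scorecard" and "checks" wrapper keys are assumed; the issue elides them.
const sampleArchived = `{"scorecard":{"date":"2024-06-10T00:00:00Z","checks":[
  {"name":"Maintained","score":0,"reason":"project is archived",
   "details":["Warn: Repository is archived."]}]}}`

// Constructed sample: the same zero score, but caused by inactivity.
const sampleStale = `{"scorecard":{"checks":[
  {"name":"Maintained","score":0,"reason":"no activity in the last 90 days"}]}}`

type check struct {
	Name    string   `json:"name"`
	Score   int      `json:"score"`
	Reason  string   `json:"reason"`
	Details []string `json:"details"`
}
type project struct {
	Scorecard struct {
		Checks []check `json:"checks"`
	} `json:"scorecard"`
}

// ArchiveStatus reports whether the Maintained check scored 0 because the
// repository is archived. known is false when no Maintained check exists.
func ArchiveStatus(body []byte) (archived, known bool, err error) {
	var p project
	if err = json.Unmarshal(body, &p); err != nil {
		return false, false, err
	}
	for _, c := range p.Scorecard.Checks {
		if c.Name == "Maintained" {
			text := strings.ToLower(c.Reason + " " + strings.Join(c.Details, " "))
			return c.Score == 0 && strings.Contains(text, "archived"), true, nil
		}
	}
	return false, false, nil
}

func main() {
	fmt.Println(ArchiveStatus([]byte(sampleArchived)))
	fmt.Println(ArchiveStatus([]byte(sampleStale)))
}
```

Matching on the reason text ties the result to Scorecard's wording, which is the trade-off against the second option of checking the repository's archived state directly.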