lower license score alert threshold to 9 (#1411)

When the threshold was introduced, the license check was a boolean
check: 0 points for no license, and 10 points with a license. This
later changed as covered in ossf/scorecard#1369

As the last point relies on SPDX detection, it's often flaky. Lowering
the threshold allows us to still warn if a license isn't detected but
not expect perfection.

Signed-off-by: Spencer Schrock <[email protected]>

Author: spencerschrock

policies/template.yml

@@ -27,7 +27,7 @@ policies:
       score: 10
       mode: enforced
   License:
-      score: 10
+      score: 9
       mode: enforced
   Pinned-Dependencies:
       score: 10