docs(ci): fix stale scorecard.yml reference in reusable comment

The standards repo's thin scorecard.yml caller was retired in #372
(redundant second scorecard run; superseded by scorecard-enforcer.yml).
The scorecard-reusable.yml header comment still pointed at that now-
deleted file as the canonical weekly caller. Update the note to reflect
that standards runs Scorecard via scorecard-enforcer.yml, and clarify
that the reusable itself is unchanged so downstream thin-caller wrappers
(the canonical pattern) are unaffected.

https://claude.ai/code/session_011xv3VLrqeXkpjXxUojKz82

Author: claude

.github/workflows/scorecard-reusable.yml

@@ -53,9 +53,15 @@
 # CANONICAL SCHEDULE — WEEKLY, NOT DAILY (2026-05-28).
 # Estate audit found 180 repos running daily at 04:00 UTC ('0 4 * * *')
 # vs 29 on canonical weekly ('23 4 * * 1') — drift driven by an older
-# version of the example above. The actual canonical caller in
-# `hyperpolymath/standards/.github/workflows/scorecard.yml` has always
-# been weekly. The example now matches.
+# version of the example above. Downstream thin-caller wrappers should
+# keep the weekly cadence shown above.
+#
+# NOTE (2026-06-04): the standards repo itself no longer ships a thin
+# `scorecard.yml` caller — it was retired in #372 as a redundant second
+# scorecard run. Standards runs OSSF Scorecard directly via
+# `scorecard-enforcer.yml` (weekly, Monday 06:00 UTC; publishes + gates
+# on MIN_SCORE). This reusable is UNCHANGED and downstream callers are
+# unaffected — they remain the canonical thin-caller pattern.
 #
 # GH Actions budget impact of the drift: 180 daily × (365 − 52) ≈ 56k
 # extra runs/year × ~1.5 min/run ≈ ~84k Actions-minutes/year. Fan-out