It's not how free software works, but there are some interesting projects working on
(distributed, not centrally managed) code review systems that are kind of similar in
spirit to what OP describes.
https://github.com/crev-dev/crev
https://github.com/crev-dev/cargo-crev
https://mozilla.github.io/cargo-vet/
That is, individuals and organizations can publish the results of their code audits
publicly in a standardized format, tied to a package artifact, and a downstream consumer
could denote which individuals and organizations they trust to perform said audits.
It's technically possible and not an entirely ridiculous idea; it's just
economically challenging. How do you find enough people willing and able to audit a
package (including e.g. autotools build scripts), in multiple, to the level of scrutiny
that would be required to catch something like this?
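A toy model of the mechanism described above (published audits tied to an artifact digest, consumed through a web of trust), added here as an example and not code from crev or cargo-vet. The review fields, trust levels, depth limit and quorum rule are assumptions, and every id, package name and digest is a constructed sample value.

```python
"""Toy model of distributed code review over a web of trust (crev/cargo-vet style). Added
example, not either project's code: shapes, levels, quorum are assumptions; data is constructed."""
from dataclasses import dataclass
from hashlib import sha256
@dataclass(frozen=True)
class Review:
    reviewer: str   # public id of whoever audited the code
    package: str
    version: str
    digest: str     # sha256 of the exact artifact bytes that were read
    rating: str     # "positive" or "negative"
# Who trusts whom, and how much (assumed levels: 1=low, 2=medium, 3=high).
TRUST = {
    "me":    {"alice": 3, "bob": 2},
    "alice": {"carol": 2},
    "bob":   {"carol": 3, "erin": 3},
    "carol": {"dave": 3},
}

def trusted_reviewers(root: str, max_depth: int = 2, floor: int = 2) -> set[str]:
    """Walk the trust graph from `root`. Trust in a node is the weakest link on the
    path to it; nodes below `floor` or more than `max_depth` hops away are excluded."""
    seen, frontier = {root}, {root: 3}
    for _ in range(max_depth):
        nxt = {}
        for who, lvl in frontier.items():
            for whom, given in TRUST.get(who, {}).items():
                eff = min(lvl, given)
                if eff >= floor and whom not in seen:
                    seen.add(whom)
                    nxt[whom] = eff
        frontier = nxt
    return seen - {root}

def verify(pkg: str, version: str, artifact: bytes, reviews, trusted, quorum=2) -> bool:
    """True if `quorum` distinct trusted reviewers positively reviewed exactly these
    bytes and no trusted reviewer flagged them; other versions or digests don't count."""
    digest = sha256(artifact).hexdigest()
    pos, neg = set(), set()
    for r in reviews:
        if (r.package, r.version, r.digest) == (pkg, version, digest) and r.reviewer in trusted:
            (pos if r.rating == "positive" else neg).add(r.reviewer)
    return not neg and len(pos) >= quorum
ARTIFACT = b"constructed tarball bytes standing in for foo-1.2.3.crate"
GOOD = sha256(ARTIFACT).hexdigest()
REVIEWS = [
    Review("alice", "foo", "1.2.3", GOOD, "positive"),
    Review("carol", "foo", "1.2.3", GOOD, "positive"),
    Review("dave",  "foo", "1.2.3", GOOD, "positive"),      # dave is beyond my trust depth
    Review("bob",   "foo", "1.2.3", "0" * 64, "positive"),  # bob audited different bytes
]
```

With the sample data, `verify("foo", "1.2.3", ARTIFACT, REVIEWS, trusted_reviewers("me"))` is True on alice's and carol's reviews alone: dave is outside the trust depth and bob's review is of different bytes, so neither counts toward the quorum.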