Add zizmor

[martincostello]

• Use zizmor to scan the GitHub Actions workflows for vulnerabilities.
• Resolve zizmor findings.

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.28%. Comparing base (8cfbc4c) to head (5160790).
⚠️ Report is 1 commits behind head on master.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #3528   +/-   ##
=======================================
  Coverage   94.28%   94.28%           
=======================================
  Files         110      110           
  Lines        3816     3816           
  Branches      722      722           
=======================================
  Hits         3598     3598           
  Misses        218      218           

Flag	Coverage Δ
Linux	94.28% <ø> (ø)
Windows	94.28% <ø> (ø)
macOS	94.28% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.