Securing CI setup

[rasmus]

More and more examples of insecure GitHub Actions usages pop up, so its properly a good idea to perform regular scanning of the CI setup to ensure that its secure.

Potential scanners

• https://woodruffw.github.io/zizmor/ (referenced here)