Open
Description
I was reading about a recent attack where GitHub Actions was the vector. It's really interesting! I hadn't considered an attack by a malicious branch name before. I ran the static analysis tool mentioned in the article, zizmor, on earthaccess:
43 findings (24 suppressed): 0 unknown, 4 informational, 0 low, 4 medium, 11 high