ci: add rustsec cargo-audit workflow

Author: storopoli

.github/workflows/security.yml

@@ -0,0 +1,41 @@
+name: Security
+
+on:
+  pull_request:
+  merge_group:
+  push:
+    branches: [main]
+
+env:
+  CARGO_TERM_COLOR: always
+
+permissions: {}
+
+jobs:
+  supply-chain:
+    name: Run `cargo-audit`
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
+        with:
+          persist-credentials: false
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@22a6a5b0f9f487c5f5587025ae9d4a1caf2a8a78 # clippy
+
+      - name: Rust cache
+        uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2
+        with:
+          cache-on-failure: true
+
+      - name: Install latest cargo-audit from source
+        run: cargo install cargo-audit --force --locked
+
+      - name: Check for audit warnings
+        run: cargo audit -D warnings
+        continue-on-error: true
+
+      - name: Check for vulnerabilities
+        run: cargo audit