github-actions: run zizmor in CI

Got the idea from libcurl:
https://github.com/curl/curl/blob/master/.github/workflows/checksrc.yml#L157

Assisted-by: Claude:claude-opus-4-8[1m]
Signed-off-by: Attila Szakacs-Bertok <attila.szakacs@axoflow.com>

Author: alltilla

.github/workflows/gh-workflow-check.yml

@@ -0,0 +1,37 @@
+name: GitHub Actions workflow static analysis
+
+on:
+  push:
+    paths:
+      - '.github/**'
+  pull_request:
+    paths:
+      - '.github/**'
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  zizmor:
+    name: Check GitHub Actions workflows
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Setup Python
+        uses: actions/setup-python@v6.2.0
+        with:
+          python-version: "3.x"
+
+      - name: Install zizmor
+        run: pip install zizmor
+
+      - name: Run zizmor
+        run: zizmor .github/workflows/ --pedantic