Update GitHub workflows: pin action versions, set permissions #11

	name: zizmor

	on:
	push:
	branches: ['master']
	pull_request:
	branches: ['**']

	permissions: {}

	jobs:
	zizmor:
	name: zizmor
	runs-on: ubuntu-latest
	permissions:
	contents: read
	actions: read
	steps:
	- name: Checkout repository
	uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
	with:
	persist-credentials: false

	- name: Install the latest version of uv
	uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0
	with:
	enable-cache: false

	- name: Run zizmor
	run: uvx zizmor@latest .github/workflows -v -p --min-severity=medium

Provide feedback