ci(zizmor): GitHub Actions allow list

Author: thomasleplus

.github/workflows/super-linter.yml

@@ -67,4 +67,6 @@ jobs:
           DEFAULT_BRANCH: main
           FILTER_REGEX_EXCLUDE: "(gradlew|gradlew\\.bat|gradle/.*|mvnw|mvnw\\.cmd|\\.m2/.*|\\.mvn/.*)$"
           ENFORCE_COMMITLINT_CONFIGURATION_CHECK: true
+          GITHUB_ACTIONS_ZIZMOR_CONFIG_FILE: .zizmor.yml
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.zizmor.yml

@@ -0,0 +1,14 @@
+---
+rules:
+  forbidden-uses:
+    config:
+      allow:
+        - actions/*
+        - docker/*
+        - github/codeql-action/*
+        - google/osv-scanner-action/*
+        - microsoft/DevSkim-Action
+        - microsoft/security-devops-action
+        - ossf/scorecard-action
+        - sigstore/cosign-installer
+        - super-linter/super-linter