ACRL-303: chore: add zizmor

[drmorr0]

Description and Rationale

• install zizmor to make our security posture (slightly) better

How

• to compute the SHAs for the various versions, I used https://github.com/azat-io/actions-up along with a 7-day PAT

Test Steps

• testing the workflows on this PR (in progress)

• I certify that this PR does not contain any code that has been generated with GitHub Copilot or any other AI-based code generation tool, in accordance with this project's policies.

[linear]

ACRL-303 Investigate / set up zizmor

[ogorman89]

Nice, I think the llvm error on the verify workflow is just a missing with: tool:

[ogorman89]

I think the Verify workflow failed because these lines (100 & 102) are pinned now. I think the fix is just something like:

 - name: Install cargo-nextest
    uses: taiki-e/install-action@0fde6d128a3d980ceac30be8c8b8739abd963b81  # v2.70.0
    with:
        tool: cargo-nextest
 - name: Install cargo-llvm-cov
    uses: taiki-e/install-action@0fde6d128a3d980ceac30be8c8b8739abd963b81  # v2.70.0
    with:
        tool: cargo-nextest

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 78.70%. Comparing base (3d7dd95) to head (d85bc67).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #233   +/-   ##
=======================================
  Coverage   78.70%   78.70%           
=======================================
  Files          63       63           
  Lines        3789     3789           
=======================================
  Hits         2982     2982           
  Misses        807      807           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.