Workflow for vulnerable dependency scan

[abelk2]

Is your feature request related to a problem? Please describe.
It is important to scan our dependencies for known vulnerabilities, because our consumers might inherit them.

Describe the solution you'd like

• Collect vulnerabilities from Gradle and NPM dependencies, including transitive ones.
• Report vulnerable dependencies in the summary of the workflow job. It should contain the full identifier of the dependency, and the vulnerability (CVE) with its link.
• Workflow should count the total number of scanned dependencies and the vulnerable ones.
• Generate a dynamic badge (similarly to the coverage badge) and add it to the README. Label should be 'vulnerabilities', value should be <vulnerabilityCount> / <totalCount>. When vulnerability count is zero, it should be green, red otherwise.
• Find a way to notify project maintainers when vulnerabilities were found (probably email).
• Check should be scheduled to run weekly.

Describe alternatives you've considered
Dependabot would be a solution if it had support for Gradle version catalogs, which it doesn't.

Additional context
There's already a task called dependencyCheck in the Gradle build file that can be used for this.