Merge pull request #404 from Automattic/add/dep-review

ci: add Dependency Review workflow

Author: sjinks

.github/workflows/dependency-review.yml

@@ -0,0 +1,24 @@
+name: Dependency Review
+
+on:
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    name: Review Dependencies
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: Check out the source code
+        uses: actions/[email protected]
+
+      - name: Review dependencies
+        uses: actions/[email protected]
+        with:
+          comment-summary-in-pr: true
+          show-openssf-scorecard: true