ci: add Dependency Review workflow

[sjinks]

This pull request introduces a new GitHub Actions workflow to automate dependency reviews for pull requests. The workflow ensures that any changes to dependencies are reviewed for potential issues.

Workflow addition:

• .github/workflows/dependency-review.yml: Added a new workflow named "Dependency Review" that triggers on pull requests. It checks out the source code and uses the actions/dependency-review-action to review dependencies.

[Copilot]

Pull Request Overview

This PR adds automated dependency review capabilities to the repository by introducing a GitHub Actions workflow that analyzes dependency changes in pull requests for potential security vulnerabilities and licensing issues.

• Adds a new GitHub Actions workflow for dependency review automation
• Configures the workflow to trigger on all pull requests
• Implements proper permissions and uses official GitHub Actions for checkout and dependency analysis

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/checkout	4.2.2	🟢 5.2	Details Check Score Reason Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging ⚠️ -1 packaging workflow not detected Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Branch-Protection ⚠️ -1 internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 9 security policy file detected SAST 🟢 8 SAST tool detected but not run on all commits Vulnerabilities ⚠️ 0 10 existing vulnerabilities detected
actions/actions/dependency-review-action	4.7.1	🟢 6.8	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 22 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 7 3 existing vulnerabilities detected

Scanned Files

• .github/workflows/dependency-review.yml