ci: add config file for zizmor workflow

Author: thunderbiscuit

.github/workflows/zizmor.yaml

@@ -3,6 +3,7 @@ name: Zizmor Actions Analysis
 # Analyzes GitHub Actions workflows for security vulnerabilities using zizmor.
 # Runs on pushes to master and all pull requests to detect potential security issues
 # in workflow configurations. Results are uploaded to GitHub's security dashboard.
+# The .github/zizmor.yaml file configures the rules this action will check against.
 
 on:
   push:

.github/zizmor.yml

@@ -0,0 +1,8 @@
+# This is a configuration file for the zizmor action defined in .github/workflows/zizmor.yaml
+
+rules:
+  # Disable the rule requiring all actions be pinned to a specific hash
+  unpinned-uses:
+    config:
+      policies:
+        "*": any