Add code scans (#1367)

* Add Dep Review

* Add code scanning workflows

* Update security.yml

* Add Dep Review

* Add code scanning workflows

* Add permissions to workflow

* Add proper permissions

* Update to stable version on main

Author: JLESUS

.github/workflows/security.yml

@@ -0,0 +1,24 @@
+name: Security
+# Slack: #help-product-security
+
+permissions:
+  contents: write         # Needed by both CodeQL and dependency review
+  pull-requests: write    # Needed by dependency review
+  statuses: write         # Needed by dependency review (to post checks)
+  security-events: write  # Needed by CodeQL to upload SARIF
+  packages: read          # Needed by CodeQL for private/internal packs
+  actions: read           # Needed by CodeQL to access internal actions
+
+on:
+  pull_request:
+    branches: [ main ]
+  push:
+    branches: [ main ]
+  workflow_dispatch:
+
+jobs:
+  code-scanning:
+    uses: braintree/security-workflows/.github/workflows/codeql-android.yml@main
+
+  dependency-review:
+    uses: braintree/security-workflows/.github/workflows/dependency-review-gradle.yml@main