Allow zizmor's ref-pinning of first-party actions (#625)

Since zizmor 1.20.0, the default behaviour is that first-party actions
(owned by GitHub) cannot be pinned by reference. Add a configuration
file that allows to ref-pinning first-party actions to maintain the old
behaviour.

Author: santisoler

.github/zizmor.yml

@@ -0,0 +1,11 @@
+# Configure zizmor
+# ================
+rules:
+  unpinned-uses:
+    config:
+      policies:
+        # Allow to ref-pinning for first-party actions.
+        # Reference: https://docs.zizmor.sh/release-notes/#1200
+        actions/*: ref-pin
+        github/*: ref-pin
+        dependabot/*: ref-pin