ci: update link checker based on osv-scanner setup (#4038)

This is the same setup we're using in `osv-scanner`

Resolves #4037

Author: G-Rath

.github/workflows/link-checker-on-push.yml

@@ -0,0 +1,28 @@
+name: Check markdown links
+
+on:
+  push:
+    paths:
+      - "**.md"
+  pull_request:
+    paths:
+      - "**.md"
+  schedule:
+      - cron: "30 22 * * 1,4"
+
+# Restrict jobs in this workflow to have no permissions by default; permissions
+# should be granted per job as needed using a dedicated `permissions` block
+permissions: {}
+
+jobs:
+  check:
+    permissions:
+      contents: read # to fetch code (actions/checkout)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: tcort/github-action-markdown-link-check@a800ad5f1c35bf61987946fd31c15726a1c9f2ba # v1.1.0
+        with:
+          use-quiet-mode: "yes"
+          base-branch: "master"
+          check-modified-files-only: ${{ github.event_name == 'schedule' && 'yes' || 'no'}}