
feat: implement GitHub Action for CI/CD integration #8

@leoneperdigao

Description

Create a GitHub Action that wraps the Quantum-Safe Guardian CLI scanner, enabling automated post-quantum cryptography compliance scanning in CI/CD pipelines. The action should support PR comments, configurable thresholds, and SARIF upload to the GitHub Security tab.

Tasks

  • Create action.yml with inputs:
    • scan-paths: Paths to scan (default: .)
    • scanners: Which scanners to run (source, dependency, config, tls)
    • fail-on: Severity threshold for pipeline failure (critical, high, medium, low)
    • sarif-upload: Enable/disable SARIF upload to Security tab (default: true)
    • comment-on-pr: Post summary comment on PRs (default: true)
    • config-file: Path to .quantum-safe.yml configuration
    • baseline-file: Path to baseline file for suppressed findings
  • Implement composite action or Docker-based action
  • Add PR comment functionality:
    • Summary table with finding counts by severity
    • New findings vs. baseline comparison
    • Link to full SARIF results in Security tab
    • Collapsible details for individual findings
  • Configure failure thresholds:
    • Exit code 1 when findings exceed configured severity
    • Support fail-on: critical (only fail on critical), fail-on: none (never fail)
  • Implement SARIF upload step using github/codeql-action/upload-sarif
  • Add caching for dependency scan results (cache pip/npm/go module resolution)
  • Support monorepo scanning with configurable scan paths
  • Write integration tests that run the action in CI
  • Create example workflow files for common setups
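The failure-threshold, baseline-comparison and PR-summary behaviour described in the task list, as an added example in Python (not the Quantum-Safe Guardian project's own code). It assumes the scanner can emit a JSON list of findings with `rule_id`, `severity`, `file`, `line` and `message` keys; that format, the sample findings and the baseline below are constructed for illustration. One design choice the issue does not spell out: only findings not suppressed by the baseline count toward the `fail-on` gate, so a baseline entry never fails a pipeline.

```python
"""Gate logic for a post-quantum compliance scan step in CI.

Added example, not the Quantum-Safe Guardian project's own code.  The
JSON findings format used here is an assumption about the scanner output.
"""
import json
import sys

# Severity ordering used by the fail-on threshold (lowest to highest).
SEVERITY_ORDER = ["low", "medium", "high", "critical"]

# Constructed sample scanner output (not real scanner output).
CURRENT_SCAN = json.loads("""[
  {"rule_id": "PQC001", "severity": "critical", "file": "src/tls.py", "line": 42,
   "message": "RSA-2048 key exchange is not quantum-safe"},
  {"rule_id": "PQC003", "severity": "high", "file": "src/sign.py", "line": 10,
   "message": "ECDSA P-256 signature"},
  {"rule_id": "PQC010", "severity": "low", "file": "config/tls.conf", "line": 3,
   "message": "TLS 1.2 cipher suite without hybrid KEM"}
]""")

# Constructed baseline of previously accepted findings (fingerprints only),
# standing in for the contents of the baseline-file input.
BASELINE = {"PQC003|src/sign.py|10"}


def fingerprint(finding):
    """Stable identity for baseline comparison: rule + file + line."""
    return f"{finding['rule_id']}|{finding['file']}|{finding['line']}"


def new_findings(findings, baseline):
    """Findings that are not suppressed by the baseline."""
    return [f for f in findings if fingerprint(f) not in baseline]


def count_by_severity(findings):
    """Finding counts keyed by severity, with zeros for empty levels."""
    counts = {s: 0 for s in SEVERITY_ORDER}
    for f in findings:
        counts[f["severity"]] += 1
    return counts


def should_fail(counts, fail_on):
    """True when any finding is at or above the fail-on threshold.

    fail_on='none' never fails; fail_on='critical' fails only on critical;
    fail_on='low' fails on anything.
    """
    if fail_on == "none":
        return False
    if fail_on not in SEVERITY_ORDER:
        raise ValueError(f"unknown fail-on value: {fail_on}")
    threshold = SEVERITY_ORDER.index(fail_on)
    return any(counts[s] > 0 for s in SEVERITY_ORDER[threshold:])


def render_pr_comment(counts, new, security_tab_url):
    """Markdown body for the PR comment: summary table, new-vs-baseline
    count, link to the Security tab, collapsible per-finding details."""
    lines = ["## Quantum-Safe scan summary", "",
             "| Severity | Findings |", "|---|---|"]
    for s in reversed(SEVERITY_ORDER):
        lines.append(f"| {s} | {counts[s]} |")
    lines += ["", f"**{len(new)} new finding(s)** vs. baseline.",
              f"Full results: [Security tab]({security_tab_url})"]
    if new:
        lines += ["", "<details><summary>New findings</summary>", ""]
        for f in new:
            lines.append(f"- `{f['rule_id']}` {f['file']}:{f['line']} "
                         f"({f['severity']}): {f['message']}")
        lines += ["", "</details>"]
    return "\n".join(lines)


def gate(findings, baseline, fail_on):
    """Exit code for the action step: 1 if non-baselined findings breach
    the configured threshold, otherwise 0."""
    counts = count_by_severity(new_findings(findings, baseline))
    return 1 if should_fail(counts, fail_on) else 0


if __name__ == "__main__":
    new = new_findings(CURRENT_SCAN, BASELINE)
    # URL is a placeholder; the real link points at the repository's Security tab.
    print(render_pr_comment(count_by_severity(new), new,
                            "https://example.invalid/security"))
    sys.exit(gate(CURRENT_SCAN, BASELINE, "high"))
```

Run stand-alone it prints the PR comment and exits 1, because the critical finding in `src/tls.py` is not in the baseline and `high` is the threshold; with `fail-on: none` the same scan exits 0 while the comment is still posted.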

Labels: ci-cd (CI/CD integration), enhancement (New feature or request)