[CI] Add zimor to check github action security

[matmair]

There have been several attacks in the past through GitHub Actions - often using already-known problems. This adds zimor to find various workflow problems that the OSSF scorecard is not finding. Inspired by python-attrs/attrs#1379

It also cleans up a few things in the actions:

• correct pinning of hashes
• reduces duplicate clones (the environment setup action is already containing a clone) -> will be a new PR
• remove unneeded persistent git credentials

[netlify]

✅ Deploy Preview for inventree-web-pui-preview canceled.

Name	Link
🔨 Latest commit	7d60a38
🔍 Latest deploy log	https://app.netlify.com/sites/inventree-web-pui-preview/deploys/675f410f3f648b000800296d

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 84.67%. Comparing base (7bfd36f) to head (7d60a38).
Report is 302 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #8639      +/-   ##
==========================================
+ Coverage   84.66%   84.67%   +0.01%     
==========================================
  Files        1195     1195              
  Lines       54363    54363              
  Branches     2057     2057              
==========================================
+ Hits        46027    46034       +7     
- Misses       7823     7824       +1     
+ Partials      513      505       -8     

Flag	Coverage Δ
backend	86.08% <ø> (ø)
migrations	42.67% <ø> (+0.02%)	⬆️
pui	69.22% <ø> (+0.07%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.