use zizmor for scanning gh workflow files

[thebigbone]

Thanks for this image with good security configurations. I was wondering if it would be beneficial to scan the workflow yamls with https://github.com/woodruffw/zizmor.

PS: you should checkout polarix-containers, they are also creating secure container images.

[madnuttah]

Hello there and thanks for your suggestions! I'll take a look into zizmor or similar. What's the benefit of polarix compared to a distroless setup?

Cheers!