Use zizmor to scan for GHA security problems

[dfremont]

Description

Fixes potential security problems flagged by zizmor and runs it in CI.

Issue Link

n/a

Checklist

• I have tested the changes locally via pytest and/or other means
• I have added or updated relevant documentation
• I have autoformatted the code with black and isort
• I have added test cases (if applicable)

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.33%. Comparing base (a6e48a2) to head (a7177b8).
Report is 6 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #320      +/-   ##
==========================================
- Coverage   91.35%   91.33%   -0.02%     
==========================================
  Files          54       54              
  Lines       13568    13584      +16     
==========================================
+ Hits        12395    12407      +12     
- Misses       1173     1177       +4     

see 8 files with indirect coverage changes

[dfremont]

Looks good, thanks Lola!

[lola831]

The PR looks good. I also manually tested run-simulators, and it works as expected.

[lola831]

Changed the method for passing the environment variable into SSH by using SendEnv. I manually ran the run-simulators GitHub workflow action, and it worked as expected.