GitHub Action to run pyup Safety

[cclauss]

This GitHub Action demonstrates that the version of setuptools in setup-python needs to be upgraded...

• https://github.com/pyupio/safety
• CVE-2022-40897 https://pyup.io/v/52495/f17
• https://github.com/actions/setup-python/actions/workflows/safety.yml
• https://pypi.org/project/setuptools
• https://setuptools.pypa.io/en/stable/history.html

-> Vulnerability found in setuptools version 65.5.0
   Vulnerability ID: 52495
   Affected spec: <65.5.1
   ADVISORY: Setuptools 65.5.1 includes a fix for CVE-2022-40897: Python
   Packaging Authority (PyPA) setuptools before 65.5.1 allows remote...
   CVE-2022-40897
   For more information, please visit https://pyup.io/v/52495/f17

 Scan was completed. 1 vulnerability was found. 

Description:
Describe your changes.

Related issue:
Add link to the related issue.

Check list:

• Mark if documentation changes are required.
• Mark if tests were added or updated to cover the changes.

[dmitry-shibanov]

Hello @cclauss. Thank you for your pull request. As I know safety checks python dependencies for vulnerabilities but setup-python does not use python dependencies through dist directory. The action uses python dependencies for e2e testing and unit testing for cache.

[cclauss]

Can the version of setuptools that setup-python uses be upgraded so that it does not suffer from CVE-2022-40897?