ci: use dependency review action

.github/dependency-review-config.yml

@@ -0,0 +1,8 @@
+fail_on_severity: "low"
+allow_licenses:
+  - "MIT"
+  - "ISC"
+  - "MPL-2.0"
+  - "BSD-2-Clause"
+  - "BSD-3-Clause"
+  - "Apache-2.0"

.github/workflows/pr.yml

@@ -0,0 +1,19 @@
+name: "Dependency Review"
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout Repository"
+        uses: actions/checkout@v3
+
+        # Their stupid action rely on PR event metadata, so
+        # there is no much sense to move it to setup a re-usable workflow.
+      - name: "Dependency Review"
+        uses: actions/dependency-review-action@v3
+        with:
+          config-file: "./.github/dependency-review-config.yml"