feat: add aikido security workflow

This adds a workflow which will run on each PR to scan with the
AiKido security tool.

Fixes: #55
URL: https://github.com/marketplace/actions/aikido-security-github-action
Signed-off-by: Jaremy Hatler <hatler.jaremy@gmail.com>

Author: jhatler

.github/workflows/aikido.yml

@@ -0,0 +1,37 @@
+name: Aikido Security
+
+on:
+  pull_request:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+permissions: {}
+
+jobs:
+  aikido-security:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+      id-token: write
+      security-events: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Detect new vulnerabilities
+        uses: AikidoSec/github-actions-workflow@v1.0.13
+        with:
+          secret-key: ${{ secrets.AIKIDO_SECRET_KEY }}
+          fail-on-timeout: true
+          fail-on-dependency-scan: true
+          fail-on-sast-scan: false
+          fail-on-iac-scan: false
+          minimum-severity: 'LOW'
+          timeout-seconds: 180
+          post-scan-status-comment: 'only_if_new_findings'
+          post-sast-review-comments: 'on'
+          github-token: ${{ secrets.GITHUB_TOKEN }}