feat(ci): perform static security analysis for GHA workflows (#40510)

Signed-off-by: hainenber <dotronghai96@gmail.com>

.github/workflows/github-action-validator.yml

@@ -6,7 +6,8 @@ on:
       - "master"
       - "[0-9].[0-9]*"
   pull_request:
-    types: [synchronize, opened, reopened, ready_for_review]
+    branches:
+      - "**"
 
 permissions:
   contents: read
@@ -17,10 +18,12 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Set up Node.js
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
           node-version: '20'
 
@@ -29,3 +32,6 @@ jobs:
 
       - name: Run Script
         run: bash .github/workflows/github-action-validator.sh
+
+      - name: Check for security issues on GHA workflows
+        uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6