chore: Add SonarCube security scan workflow.

.github/workflows/security.yaml

@@ -0,0 +1,21 @@
+on:
+  # Trigger analysis when pushing to your main branches, and when creating a pull request.
+  push:
+    branches:
+      - main
+      - 'releases/**'
+  pull_request:
+      types: [opened, synchronize, reopened]
+
+name: SonarQube Security
+jobs:
+  analysis:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        # Disabling shallow clones is recommended for improving the relevancy of reporting
+        fetch-depth: 0
+
+    - name: SonarQube Scan
+      uses: sonarsource/[email protected]