Setup proper benchmark suite

[orottier]

trafficstars

• [x] Setup benches folder to run - https://doc.rust-lang.org/1.12.1/book/benchmark-tests.html
• [ ] Split the example/benchmarks.rs file to separate benchmarks
• [ ] Use criterion to run benchmarks locally
• [x] Run benches in CI
• [x] In pull requests, report benchmark results (compared to current main)
• [ ] Add all benchmarks to the CI benchmarks
• [ ] fix bot not always able to comment on the PR

[b-ma]

Seems the failing comment is due to the fact that as I'm opening the PR the used token is the one of my fork that does not have write permissions.

It seems that one way to fix this would be to use

on:
  pull_request_target:
    branches: [ main ]

But then it seems this creates security issues as the code is built on your behalf... (cf. https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target)

Apparently the right way to handle that is to combine several workflows with different access rights as explained there: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ (didn't read carefully, I will have a more in depth read tomorrow)