Automatically upload SARIF report to Github

[kzantow]

A user can currently upload the generated SARIF report by adding an additional step in their workflow using the upload-sarif action from codeql-action. It might be nice if this happens automatically when using the scan-action. It looks like there has been some movement on composite actions, this might make adding the upload-sarif step trivial. Or maybe it's been implemented finally?

NOTE: this is likely to require adding partialFingerprints to the SARIF output