
Add workflow for security governance for packages

Open peterhessey opened this issue 2 years ago • 0 comments

🚀 Feature

A GitHub workflow that regularly runs to check for security issues with any packages existing in environment.yml. It should run regularly (e.g. weekly) as well as on any new PRs. It should fail if any critical packages are found. Dependabot may provide some or all of the necessary functionality here.

Motivation

A similar suite of checks in the private MSR repo for IE-DL (which uses this repo as a submodule) is failing due to security concerns around packages used in this env.

AB#6364

peterhessey, Jun 29 '22 14:06
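
An added example, not part of the original issue or the InnerEye-DeepLearning code: one way the requested fail-on-critical check could look as a script that a scheduled and per-PR workflow step runs against environment.yml. The advisory record format, the `EXAMPLE-` IDs, the package names and the sample environment are constructed assumptions; a real workflow would take advisories from a scanner's report.

```python
import re
import sys

# Constructed sample: a conda environment.yml with conda pins and a nested pip section.
SAMPLE_ENV = """\
channels:
  - defaults
dependencies:
  - python=3.7.3
  - examplelib=1.2.0=py37_0
  - pip:
      - otherlib==0.9.1
      - unpinnedlib
"""

# Constructed advisory records (hypothetical format and IDs), standing in for scanner output.
SAMPLE_ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "examplelib", "versions": {"1.2.0"}, "severity": "critical"},
    {"id": "EXAMPLE-0002", "package": "otherlib", "versions": {"0.9.1"}, "severity": "moderate"},
    {"id": "EXAMPLE-0003", "package": "otherlib", "versions": {"0.8.0"}, "severity": "critical"},
]

# Matches "- name=version", "- name=version=build" (conda) and "- name==version" (pip).
PIN = re.compile(r"^\s*-\s*([A-Za-z0-9_.\-]+)\s*(?:==|=)\s*([^\s=#]+)")

def pinned_packages(env_text):
    """Return {name: version} for every exactly pinned conda or pip dependency."""
    pins, in_deps = {}, False
    for line in env_text.splitlines():
        if re.match(r"^\S", line):            # a top-level key starts or ends the section
            in_deps = line.startswith("dependencies:")
            continue
        m = PIN.match(line)
        if in_deps and m:
            pins[m.group(1).lower()] = m.group(2)
    return pins

def blocking_findings(pins, advisories, fail_on=("critical",)):
    """Advisories that match a pinned version at a severity that should fail the run."""
    return [a for a in advisories
            if a["severity"] in fail_on and pins.get(a["package"]) in a["versions"]]

def main(path):
    with open(path, encoding="utf-8") as fh:
        findings = blocking_findings(pinned_packages(fh.read()), SAMPLE_ADVISORIES)
    for f in findings:
        print(f"{f['id']}: {f['package']} is pinned to an affected version ({f['severity']})")
    return 1 if findings else 0               # non-zero exit fails the CI job

if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else "environment.yml"))
```

Unpinned entries such as `unpinnedlib` are skipped by this sketch, so a real check would also need to resolve the versions actually installed.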