
Potential Security Enhancements for python-pptx

Open Chivalnin opened this issue 9 months ago • 3 comments

I'm reaching out because I appreciate your work on python-pptx. As open-source security is a growing concern, I'd like to suggest some improvements based on the OpenSSF Scorecard best practices:

- **Token Permissions**: Consider implementing explicit token permissions within the workflow to avoid over-permissioning vulnerabilities.
- **Pinned Dependencies**: Using a commit hash instead of @v4 for the third-party library can mitigate breaking changes or vulnerabilities in future updates.
- **Branch Protection & Code Review**: Enabling branch protection rules and code reviews can minimize the risk of introducing vulnerabilities. Refer to your repository settings for configuration options.
- **Static Application Security Testing (SAST)**: Implementing SAST tools can help detect vulnerabilities early in the development lifecycle.
- **Dependency Update Tool**: Utilizing a dependency update tool ensures your project uses the latest secure library versions.
- **Security Policy**: Defining a comprehensive security policy (SECURITY.md) with vulnerability reporting guidelines, coding standards, and response procedures is recommended.

For more information on specific checks, see the OpenSSF Scorecard documentation: Link to Documentation

Chivalnin avatar Apr 09 '25 03:04 Chivalnin
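As an added illustration (not a workflow from the python-pptx repository), the first two suggestions above expressed as a GitHub Actions job: the over-permissive and unpinned forms are left in comments beside the hardened ones. The action versions, the install and test commands, and the `<FULL_COMMIT_SHA>` values are placeholders; each SHA must be replaced with the commit hash of the release tag you verified.

```yaml
# Added example, not from the python-pptx project.
name: ci

on: [push, pull_request]

# Weak form (omit this block): GITHUB_TOKEN gets the repository's default
# permission set, which can include write access the job never uses.
# Hardened form: grant nothing at the workflow level, then give each job
# only the scopes it needs.
permissions: {}

jobs:
  test:
    runs-on: ubuntu-latest
    permissions:
      contents: read        # checkout only needs to read the repository
    steps:
      # Weak form: a mutable tag. Whoever can move the tag controls the
      # code that runs in this job.
      # - uses: actions/checkout@v4
      #
      # Hardened form: pin to the full commit SHA of the reviewed release.
      # Keep the tag in a trailing comment so a dependency update tool can
      # still recognise and bump the version.
      - uses: actions/checkout@<FULL_COMMIT_SHA>  # v4

      - uses: actions/setup-python@<FULL_COMMIT_SHA>  # v5
        with:
          python-version: "3.12"   # placeholder version

      # Placeholder commands; substitute the project's own install/test steps.
      - run: python -m pip install -e . pytest
      - run: pytest
```

With `permissions: {}` at the top, any job that later needs more (for example `packages: write` for a release job) must request it explicitly, which is the over-permissioning check the issue refers to.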