setup-maven
GitHub CI/CD and more
Hello @stCarolas, would you be interested in getting some changes into your repo that I have made in my own one? I've done it mostly for fun, but it can also be useful for the community that uses your action and the company I have worked at.
The main idea of the changes is to increase the transparency and safety of your action, as it can have Dependabot alerts and PRs, CodeQL scanning and so on.
Please take a look at my modified fork of your repo: https://github.com/vk-org/setup-maven.
Brief information on the changes:
- workflow for push to non-default branch (master in our case) https://github.com/vk-org/setup-maven/blob/master/.github/workflows/push_into_none_master.yaml
- workflow for CodeQL scanning https://github.com/vk-org/setup-maven/blob/master/.github/workflows/codeql-analysis.yml (from typical GitHub snippet)
- workflow for PR into default (master) branch https://github.com/vk-org/setup-maven/blob/master/.github/workflows/pr_into_master.yaml
- workflow for push into default branch (master) https://github.com/vk-org/setup-maven/blob/master/.github/workflows/push_to_master.yaml
- delivery of actions as ncc distribution (as mentioned on this page: https://docs.github.com/en/actions/creating-actions/creating-a-javascript-action#commit-tag-and-push-your-action-to-github)
- added Dependabot configuration to check dependencies
I'm not a developer, and maybe you don't see any value in what I've done.
Please let me know if it makes sense, and then I will groom it into a PR to your repo. Any feedback is appreciated.