github-actions-ensure-sha-pinned-actions
Improvement: allowlist/specify files to check
Imagine if one has a "matrix" job which runs different checks for each workflow/action in your repository. Then it would be nice to be able to use this action in a way where we pass/specify the exact path to the file(s) to check.
In the current implementation you're not allowed to pass your own glob string (path+file): https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/blob/f32435541e24cd6a4700a7f52bb2ec59e80603b1/src/index.js#L14-L15
There is the `ZG_WORKFLOWS_PATH` override, but how does one use it?
Also, there's still a hardcoded `*.ya?ml` glob, which disallows picking a specific file one-by-one.
For inspiration, see the RegEx that Renovate uses for finding GHA files:
```json
{
  "fileMatch": [
    "^(workflow-templates|\\.(?:github|gitea|forgejo)/workflows)/[^/]+\\.ya?ml$",
    "(^|/)action\\.ya?ml$"
  ]
}
```
- https://docs.renovatebot.com/modules/manager/github-actions/#default-config
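
A sketch of the requested behaviour, added here as an example and not taken from the action's code or from the issue author: the caller names the exact files to check, the Renovate patterns quoted above decide which of them are workflow or action files, and each `uses:` reference is tested for a full commit SHA. The function names, the line-based `uses:` matching and the sample files are assumptions made for illustration.

```javascript
// Added example, not the action's implementation. Patterns are the Renovate fileMatch entries above.
const FILE_MATCH = [
  /^(workflow-templates|\.(?:github|gitea|forgejo)\/workflows)\/[^/]+\.ya?ml$/,
  /(^|\/)action\.ya?ml$/,
];

// Keep only the explicitly listed paths that look like workflow or action files.
function selectFiles(paths) {
  return paths.filter((p) => FILE_MATCH.some((re) => re.test(p)));
}

// A `uses:` reference counts as pinned when it ends in a full 40-hex commit SHA.
// Assumption: local (./) and docker:// references are skipped in this sketch.
const PINNED = /@[0-9a-f]{40}$/;

function findUnpinned(yamlText) {
  const unpinned = [];
  yamlText.split(/\r?\n/).forEach((line, i) => {
    const m = line.match(/^\s*(?:-\s*)?uses:\s*["']?([^"'\s#]+)/);
    if (!m) return;
    const ref = m[1];
    if (ref.startsWith("./") || ref.startsWith("docker://")) return;
    if (!PINNED.test(ref)) unpinned.push({ line: i + 1, ref });
  });
  return unpinned;
}

// Check only the files the caller names, e.g. one file per matrix job.
function checkFiles(files) {
  const report = {};
  for (const path of selectFiles(Object.keys(files))) {
    const hits = findUnpinned(files[path]);
    if (hits.length) report[path] = hits;
  }
  return report;
}

// Constructed sample input (path -> file content), not from any real repository.
const SAMPLE = {
  ".github/workflows/ci.yml": [
    "steps:",
    "  - uses: actions/checkout@v4",
    "  - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # v4",
    "  - uses: ./.github/actions/local",
  ].join("\n"),
  "tools/lint/action.yaml": "runs:\n  steps:\n    - uses: example/tool@main\n",
  "docs/workflows/notes.yml": "uses: example/ignored@main\n",
};
console.log(JSON.stringify(checkFiles(SAMPLE), null, 2));
```
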