Summary

This PR adds a new workflow to run Macaron for supply chain security detection.

It enables the check-github-actions policy to analyze GitHub workflows for insecure patterns and potential risks. When issues are detected, detailed findings and remediation suggestions are included in the workflow summary. Full reports are also uploaded as workflow artifacts for further review.

For more details, see: https://oracle.github.io/macaron/pages/macaron_action.html