add action for vulnerability testing

[tomkralidis]

Penetration testing on a pygeoapi instance would be a valuable testing mechanism in a DevSecOps context.

Zed Attack Proxy (ZAP) could be a viable option, given it provides this functionality as GitHub Actions:

• https://github.com/zaproxy/action-api-scan
• https://github.com/zaproxy/action-baseline
• https://github.com/zaproxy/action-full-scan

We should also consider the OWASP API Security Top 10.

The result would be a GitHub Action (.github/workflows/security.yml) that would run some/all of the above.

[francbartoli]

For OWASP API Security Top 10: I would replicate what has been implemented for fastgeoapi

[github-actions]

This Issue has been inactive for 90 days. As per RFC4, in order to manage maintenance burden, it will be automatically closed in 7 days.