Add documentation regarding security practices for github actions

[KevinEyo1]

What is the purpose of this pull request?

• [X] Documentation update
• [ ] Bug fix
• [ ] Feature addition or enhancement
• [ ] Code maintenance
• [ ] DevOps
• [ ] Improve developer experience
• [ ] Others, please explain:

Overview of changes: Resolves #2515

2488

Anything you'd like to highlight/discuss: Only included the research of practices currently being used, so things like version tagging is not documented.

Testing instructions:

Proposed commit message: (wrap lines at 72 characters) When writing GitHub action workflows, developers might miss out on security conventions.

Let's document current security practices in our developer guide so that future developers can follow these conventions.

---

Checklist: :ballot_box_with_check:

• [ ] Updated the documentation for feature additions and enhancements
• [ ] Added tests for bug fixes or features
• [X] Linked all related issues
• [X] No unrelated changes

---

Reviewer checklist:

Indicate the SEMVER impact of the PR:

• [ ] Major (when you make incompatible API changes)
• [ ] Minor (when you add functionality in a backward compatible manner)
• [ ] Patch (when you make backward compatible bug fixes)

At the end of the review, please label the PR with the appropriate label: r.Major, r.Minor, r.Patch.

Breaking change release note preparation (if applicable):

• To be included in the release note for any feature that is made obsolete/breaking

Give a brief explanation note about:

• what was the old feature that was made obsolete
• any replacement feature (if any), and
• how the author should modify his website to migrate from the old feature to the replacement feature (if possible).

[github-actions[bot]]

@KevinEyo1 Each PR must have a SEMVER impact label, please remember to label the PR properly.