chainguard-dev / bincapz

detect malicious program behaviors
Apache License 2.0

Add YARA-CI GitHub App as part of CI Checks #183

Closed. egibs closed this 2 months ago

egibs commented 2 months ago

The YARA-CI app can be used to scan all of the Yara rules in a given repository and provide feedback on any issues as well as false positive and negative reports.

Initially this should be non-blocking since there are current warnings/failures.

Here's an example from my fork:

Checks: [screenshot of the YARA-CI check results in the fork]

Configuration docs:

tstromberg commented 2 months ago

FWIW, we're always going to want to turn off false-positives, as our rules are designed to match any program. From https://yara-ci.cloud.virustotal.com/configuration/false_negatives/

false_positives:
  disabled: true

As far as the false negatives, go ahead and leave them for now. I'll probably just end up removing them and resetting the hashes. I had initially populated most of them with https://github.com/chainguard-dev/yato - a PoC which later inspired bincapz.

tstromberg commented 2 months ago

I've enabled it - sending out a cleanup PR imminently. Thanks for opening this!