This adds the Github action for using Snyk to scan for dependency
vulnerabilities in Vanagon projects. Bolt doesn't add any additional
dependencies on top of puppet-runtime besides itself, so this should
pretty much duplicate the puppet-runtime scans, but adding it here so
the scan runs more often, reports to Snyk, and still does scans if we do
ever add additional dependencies here.
This adds the Github action for using Snyk to scan for dependency vulnerabilities in Vanagon projects. Bolt doesn't add any additional dependencies on top of puppet-runtime besides itself, so this should pretty much duplicate the puppet-runtime scans, but adding it here so the scan runs more often, reports to Snyk, and still does scans if we do ever add additional dependencies here.