Merge pull request #97 from kernel/sayan/kernel-1191-finalize-scope-of-repos-under-elevated-vulnerability

ci: add Semgrep SAST scanning on pull requests

Author: Sayan-

.github/workflows/semgrep.yml

@@ -0,0 +1,17 @@
+name: Semgrep
+
+on:
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  scan:
+    uses: kernel/security-workflows/.github/workflows/semgrep.yml@main
+    with:
+      extra-configs: '--config p/python --config p/trailofbits'
+      codebase-description: 'Stainless-generated Python SDK for the Kernel API (public PyPI package used by customers)'
+    secrets: inherit