chore: harden GitHub Actions workflows #78

Open
Hartorn wants to merge 2 commits into main from chore/gha-hardening

@Hartorn Hartorn commented Apr 14, 2026

Summary

  • Add top-level permissions: {} with per-job least-privilege grants on all workflows
  • Add persist-credentials: false on every actions/checkout step
  • Move all ${{ }} expressions out of run: blocks into step-level env: vars (template-injection prevention)
  • Pin pypa/gh-action-pypi-publish by full commit SHA (was on release/v1 branch)
  • Replace softprops/action-gh-release with native gh release create
  • Disable uv cache in release workflow to prevent cache-poisoning on published artifacts
  • Add concurrency limits and explicit name: to all jobs (status check names preserved)
  • Bootstrap zizmor CI workflow with pedantic persona and GHAS SARIF upload
  • Update actions/checkout digest to de0fac2 (latest v6)
  • Update astral-sh/setup-uv digest to 37802ad (latest v7)
  • Add minimumReleaseAge: "3 days" to renovate.json (supply-chain cooldown)
  • Add .github/CREDENTIALS.md to .gitignore (local-only audit doc)

Passes zizmor --pedantic with zero findings.

Supersedes: #70, #71, #73, #75, #77

Security audit status

| Area | Status |
|---|---|
| Dependabot alerts | 0 open |
| Code scanning alerts | 0 open |
| Secret scanning alerts | 0 open |
| Vulnerability alerts | Enabled |
| Org default token permissions | none (least privilege) |
| Renovate | Active, helpers:pinGitHubActionDigests, minimumReleaseAge: "3 days" |
| PyPI publishing | OIDC Trusted Publishing (no static credentials) |

Follow-up work (not in this PR)

Release workflow: git push origin main is broken

The release workflow pushes a version bump commit directly to main, which is blocked by two rulesets:

  1. Repo-level "main" ruleset — requires a PR + passing status checks, with zero bypass actors
  2. Org-level "Main basic protection" ruleset — requires a PR, and GITHUB_TOKEN (integration 15368) is not a bypass actor

Fix steps:

  • Create a GitHub App (relais-release) with Contents: Read & Write only
  • Install it on the Giskard-AI/relais repo only
  • Add it as a bypass_actor to both rulesets (repo-level "main" has zero bypass actors — this is the hard blocker)
  • Create a release environment with: variable RELEASE_APP_ID, secret RELEASE_APP_PRIVATE_KEY
  • Update create-release.yml to use actions/create-github-app-token and push with the app token instead of GITHUB_TOKEN

PyPI Trusted Publishing

  • Verify that the PyPI project has a Trusted Publisher configured for Giskard-AI/relais repo, create-release.yml workflow, build-and-release job, and release environment (if environment is added)

Test plan

  • CI passes on this PR (pre_checks, test (3.11–3.14), zizmor)
  • Required status check names unchanged (verify in ruleset: pre_checks, test (3.11), test (3.12), test (3.13))
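
Four of the checks from the summary above (top-level `permissions: {}`, actions pinned by full commit SHA, `persist-credentials: false` on checkout, no `${{ }}` inside `run:`), sketched as a small line-based linter. This is an added example, not code from this PR and not how zizmor works; the sample workflow, the placeholder SHA and the `audit` helper are constructed for illustration.

```python
import re
from itertools import takewhile
# Constructed lint input (not the relais workflows); PIN is a placeholder, not a real commit.
PIN = "0123456789abcdef0123456789abcdef01234567"
SAMPLE = """\
on: push
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: actions/checkout@<SHA>
        with:
          persist-credentials: false
      - uses: pypa/gh-action-pypi-publish@release/v1
      - run: |
          gh release create "${{ github.ref_name }}"
      - env:
          TAG: ${{ github.ref_name }}
        run: gh release create "$TAG"
""".replace("<SHA>", PIN)

RUN = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")
USES = re.compile(r"^\s*(?:-\s+)?uses:\s*([^\s#]+)")

def audit(text):
    """Line-based heuristics. Returns (line_no, finding); line 0 means the whole file."""
    lines, out, run_col = text.splitlines(), [], None
    if not any(re.fullmatch(r"permissions:\s*\{\}\s*", l) for l in lines):
        out.append((0, "no top-level permissions: {}"))
    for n, line in enumerate(lines, 1):
        if run_col is not None and not line[:run_col + 1].strip():
            if "${{" in line:  # still inside the run: block scalar
                out.append((n, "expression expanded inside run: script"))
            continue
        run_col = None
        if m := RUN.match(line):
            if m.group(2)[:1] in ("|", ">"):
                run_col = len(m.group(1))  # body lines are indented past this column
            elif "${{" in m.group(2):
                out.append((n, "expression expanded inside run: script"))
        elif m := USES.match(line):
            ref = m.group(1)
            if not ref.startswith("./") and not re.search(r"@[0-9a-f]{40}$", ref):
                out.append((n, f"{ref} not pinned to a full commit SHA"))
            step = takewhile(lambda l: not l.lstrip().startswith("- "), lines[n:])
            if ref.startswith("actions/checkout@") and "persist-credentials: false" not in "\n".join(step):
                out.append((n, "checkout without persist-credentials: false"))
    return out
```

On `SAMPLE` the findings land on the weak steps only (file level, lines 6, 10 and 12); the pinned checkout and the `env:`-based `run:` step pass.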

- Add top-level `permissions: {}` with per-job least-privilege grants
- Add `persist-credentials: false` on all checkout steps
- Move `${{ }}` expressions out of `run:` blocks into `env:` vars
- Pin `pypa/gh-action-pypi-publish` by full SHA (v1.14.0)
- Replace `softprops/action-gh-release` with native `gh release create`
- Disable uv cache in release workflow to prevent cache-poisoning
- Add concurrency limits and explicit job names
- Bootstrap zizmor CI workflow (pedantic, GHAS SARIF upload)
- Keep `.github/CREDENTIALS.md` local-only via `.gitignore`

Passes `zizmor --pedantic` with zero findings.

Made-with: Cursor
@github-advanced-security

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

Comment thread .github/workflows/zizmor.yml Fixed
- Update actions/checkout to de0fac2 (latest v6)
- Update astral-sh/setup-uv to 37802ad (latest v7)
- Add minimumReleaseAge: "3 days" to renovate.json

Made-with: Cursor