test: add Brin scanner CI fixture

Author: homanp

.github/workflows/brin-security-scanner-test.yml

@@ -0,0 +1,20 @@
+# DO NOT MERGE: intentionally unsafe workflow used to test the Brin PR scanner.
+name: Brin Security Scanner Test
+
+on:
+  pull_request_target:
+    types: [opened, synchronize]
+
+permissions: write-all
+
+jobs:
+  unsafe-test-fixture:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout untrusted PR code
+        uses: actions/checkout@main
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Interpolate untrusted PR title
+        run: echo "PR title: ${{ github.event.pull_request.title }}"