Add zizmor pre-commit and fix reported issues

[BarbUk]

• Add zizmor precommit
• Fix ci workflow

Description

https://github.com/zizmorcore/zizmor is a static analysis tool for github action.

This PR add a precommit hook to check the CI workflow if modified.

Motivation and Context

Github workflow can be a security issue when not configured properly.
Zizmor will check for issues and report recommantion on how to fix those.

How Has This Been Tested?

❯ zizmor .github/
🌈 zizmor v1.23.1
 INFO audit: zizmor: 🌈 completed .github/workflows/ci.yml
No findings to report. Good job! (9 suppressed)

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• My code follows the code style of this project.
• If my change requires a change to the documentation, I have updated the documentation accordingly.
• I have read the CONTRIBUTING document.
• If I have added a new file, I also added it to clean_files.txt and formatted it using lint_clean_files.sh.
• I have added tests to cover my changes, and all the new and existing tests pass.

[seefood]

I played with the idea, but I think it's an overkill to add this as a pre-commit dependency... this is maybe more of a post-commit action in the CI? what do you think?