Add KICS security checks

[widhalmt]

Implement code tests with KICS: https://kics.io/

This new workflow does the following:

Manually create an output directory
Use a predefined action to use the KICS security scanner on the whole
repository. Configured to output results in the beforementioned
directory.
Use another predefined action to upload the output in SARIF format so
GitHub can interpret and visualize all found issues.
The current configuration will not fail on any issues being detected.
Code to activate failing is still in the comments and can be re-enabled
as soon as we got the checks going and fixed the current issues.

If we enable failing on certain issue levels we should also require the
check to succeed before merging. Currently it's just informational and
will not block merging.

Predefined GitHub actions now aren't refered to by their version tag.
Instead we use SHA checksums of Git commits. (as suggested by GitHub -
see below)

Please see comments from GitHub in this PR. They will make more clear
what this all is for.

Reference:

https://docs.kics.io/latest/integrations_ghactions/
Pin all GitHub Actions to a full length commit SHA carbon-design-system/carbon#14052
https://github.com/Checkmarx/kics-github-action

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.