Create devskim.yml to enable GitHub code scanning for this repository

[niStee]

Standards checklist:

• The PR title is descriptive.
• I have read CONTRIBUTING.md
• The code compiles (cargo build)
• The code passes rustfmt (cargo fmt)
• The code passes clippy (cargo clippy)
• The code passes tests (cargo test)
• Optional: I have tested the code myself

For new steps

• Optional: Topgrade skips this step where needed
• Optional: The --dry-run option works with this step
• Optional: The --yes option works with this step if it is supported by
  the underlying command

If you developed a feature or a bug fix for someone else and you do not have the
means to test it, please tag this person here.

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[SteveLauC]

This seems to be a nice feature to add, but reports warning even to TODOs:

Is there a rule that we can use to stop it from doing this?

[niStee]

This seems to be a nice feature to add, but reports warning even to TODOs:

Is there a rule that we can use to stop it from doing this?

I have not yet found a way to not check for TODOs, but you can either dismiss them or define them as not severe enough to cause a pull-request to fail a review.

[SteveLauC]

but you can either dismiss them or define them as not severe enough to cause a pull-request to fail a review.

I have dismissed those alerts.

Would you like to enable this check for PRs by not limiting the branches to main?

[SteveLauC]

Thanks! :)