
Adding Zizmor and minor refactor #2685


Merged: 26 commits, May 6, 2025

Conversation

AlexanderBarabanov (Contributor)

📝 Adding Zizmor and minor refactor

This PR adds Zizmor, a static analysis tool for GitHub Actions.

This PR also introduces minor improvements to security scan workflows, including:

  • Zizmor and Bandit were added to the pre-commit checks and aligned with the corresponding PR checks (Semgrep was not added, as Windows is not currently supported). High-severity Zizmor findings were fixed to ensure pre-commit checks pass.
  • Artifact uploads were moved from the reusable security workflows to the corresponding composite actions.
  • The README and Contributing Guide were updated with information about the security tools and instructions on how to suppress false positives.

Zizmor behavior was tested in a fork (e.g., failing a PR with medium severity findings, passing a PR with only low severity findings, scanning the full scope and uploading results for all severities) and works as expected.

✨ Changes

Select what type of change your PR is:

  • 🐞 Bug fix (non-breaking change which fixes an issue)
  • 🔨 Refactor (non-breaking change which refactors the code base)
  • 🚀 New feature (non-breaking change which adds functionality)
  • 💥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • 📚 Documentation update
  • 🔒 Security update

✅ Checklist

Before you submit your pull request, please make sure you have completed the following steps:

  • 📋 I have summarized my changes in the CHANGELOG and followed the guidelines for my type of change (skip for minor changes, documentation updates, and test enhancements).
  • 📚 I have made the necessary updates to the documentation (if applicable).
  • 🧪 I have written tests that support my changes and prove that my fix is effective or my feature works (if applicable).

For more information about code review checklists, see the Code Review Checklist.

Signed-off-by: Barabanov <alexander.barabanov@intel.com>
@AlexanderBarabanov AlexanderBarabanov marked this pull request as ready for review May 2, 2025 15:05
@ashwinvaidya17 ashwinvaidya17 merged commit 9887e1e into open-edge-platform:main May 6, 2025
10 checks passed