
chore: Includes GH actions dependency review in PR checks #1894

Closed
wants to merge 1 commit into from

Conversation

AgustinBettati
Collaborator

Description

We have this action in our CFN repository, but it was missing here.

Type of change:

  • Bug fix (non-breaking change which fixes an issue). Please, add the "bug" label to the PR.
  • New feature (non-breaking change which adds functionality). Please, add the "enhancement" label to the PR.
  • Breaking change (fix or feature that would cause existing functionality to not work as expected). Please, add the "breaking change" label to the PR.
  • This change requires a documentation update
  • Documentation fix/enhancement

Required Checklist:

  • I have signed the MongoDB CLA
  • I have read the contribution guidelines
  • I have checked that this change does not generate any credentials and that they are NOT accidentally logged anywhere.
  • I have added tests that prove my fix is effective or that my feature works per HashiCorp requirements
  • I have added any necessary documentation (if appropriate)
  • I have run make fmt and formatted my code
  • If changes include deprecations or removals, I defined an isolated PR with a relevant title as it will be used in the auto-generated changelog.
  • If changes include removal or addition of 3rd party GitHub actions, I updated our internal document. Reach out to the APIx Integration slack channel to get access to the internal document.

Further comments

@AgustinBettati AgustinBettati requested a review from a team as a code owner January 31, 2024 10:49
@AgustinBettati
Collaborator Author

Will wait to merge as we saw a false positive raised in a CFN repository PR; raised an issue with dependency-review-action to get more clarity: actions/dependency-review-action#676.

@@ -70,6 +70,14 @@ jobs:
go-version-file: 'go.mod'
- name: website lint
run: make tools && make website-lint
dependency-review:
runs-on: ubuntu-latest
if: ${{ github.event_name == 'pull_request' }}
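Review bot: the new `dependency-review` job declares no `permissions:` block in the lines shown, and no workflow-level `permissions:` is visible either; add `permissions: contents: read` to the job so it runs with only the read access the review needs rather than the repository default. The `if: ${{ github.event_name == 'pull_request' }}` guard is worth keeping despite the inline suggestion to drop it: the action diffs the pull request's base and head refs, so on other events such as `workflow_dispatch` it has nothing to compare unless `base-ref` and `head-ref` are passed explicitly. The remaining added lines of this hunk (the job's `steps`) are not in the excerpt; confirm that the `actions/dependency-review-action` step is pinned to a full commit SHA rather than a floating tag, in line with the pinned-actions practice the rest of the thread discusses.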
Member
Suggested change
if: ${{ github.event_name == 'pull_request' }}

I would remove the check for PR and always run it, e.g. why not run it on workflow_dispatch?

Member

@lantoli lantoli left a comment

thx! Is it in the cdk repo as well?

Contributor

github-actions bot commented Feb 6, 2024

This PR has gone 7 days without any activity and meets the project’s definition of "stale". This will be auto-closed if there is no new activity over the next 7 days. If the issue is still relevant and active, you can simply comment with a "bump" to keep it open, or add the label "not_stale". Thanks for keeping our repository healthy!

@github-actions github-actions bot added the stale label Feb 6, 2024
@lantoli lantoli added not_stale Not stale issue or PR and removed stale labels Feb 6, 2024
@AgustinBettati
Collaborator Author

Closing this PR for now; actions/dependency-review-action#676 confirmed that this action is not able to infer the proper ordering of pinned GitHub Actions versions, so this will likely bring up false positives.
