chore: implement code scanning (#3)

Adds PR vulnerability and license scanning, and master build release
creation & SBOM generation.

.github/workflows/unit-tests.yaml

@@ -3,6 +3,10 @@ name: Unit Tests
 on:
   pull_request:
   push:
+    branches: [master]
+
+permissions:
+  contents: write
 
 jobs:
   unit-tests:
@@ -18,3 +22,13 @@ jobs:
 
       - name: Run Unit Tests
         run: make test
+
+  scan:
+    needs: unit-tests
+    if: github.event_name == 'pull_request'
+    uses: circlefin/circle-public-github-workflows/.github/workflows/pr-scan.yaml@v1
+
+  release-sbom:
+    needs: unit-tests
+    if: github.event_name == 'push'
+    uses: circlefin/circle-public-github-workflows/.github/workflows/attach-release-assets.yaml@v1