ci: Add workflow to run a FOSSA scan

Apparently the "Quick Import" feature from FOSSA is not good enough for
Rust projects, and we need to run the FOSSA CLI tool, either ourselves
or using the official GitHub Action. This commit introduces a new
workflow that uses this Action to perform a scan on Pull Requests and on
pushes to the main branch.

Signed-off-by: Quentin Monnet <[email protected]>

Author: qmonnet

.github/workflows/fossa.yml

@@ -0,0 +1,29 @@
+# Run FOSSA scan
+#
+# Resources:
+#
+# - GitHub Action:
+#   https://github.com/marketplace/actions/official-fossa-action
+#
+# - Reports:
+#   https://app.fossa.com/projects/custom%252B43661%252Fgithub.com%252Fgithedgehog%252Fdataplane/
+
+on:
+  pull_request: { }
+  push:
+    branches:
+      - main
+
+concurrency:
+  group: "${{ github.workflow }}:${{ github.event.pull_request.number || github.event.after || github.event.merge_group && github.run_id }}"
+  cancel-in-progress: true
+
+jobs:
+  fossa-scan:
+    name: "FOSSA Scan"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: fossas/fossa-action@v1
+        with:
+          api-key: ${{secrets.FOSSA_API_KEY}}