add trufflehog scans to workflows

.github/workflows/secret-scan.yaml

@@ -0,0 +1,20 @@
+name: secret-scan
+on:
+  pull_request:
+    paths:
+      # Catch-all
+      - "**"
+
+
+jobs:
+  secret-scan: # scan for any live secrets in the repository using trufflehog
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      with:
+        fetch-depth: 0
+    - name: Secret Scanning
+      uses: trufflesecurity/trufflehog@main
+      with:
+        extra_args: --only-verified