update main.yml with linters and scanners

[aarz-snl]

Update workflow to perform linting and security scans

🗣 Description

I have updated the pipeline with a workflow that includes some linting and security scanning.

Jobs will run the same as they have always run. Upon PR to main, upon commit to main. Release stage will only run upon creation of a new tag.

💭 Motivation and context

pipeline currently had place holders. This is so we actually starting linting / security scanning our scripts

🧪 Testing

Pipeline was tested in PRIV and you can review the results of the actions in this PR.

✅ Pre-approval checklist

• This PR has an informative and human-readable title.
• Changes are limited to a single goal - eschew scope creep!
• All future TODOs are captured in issues, which are referenced
  in code comments.
• All relevant type-of-change labels have been added.
• I have read the CONTRIBUTING document.
• These code changes follow cisagov code standards.
• All relevant repo and/or project documentation has been updated
  to reflect the changes in this PR.
• Tests have been added and/or modified to cover the changes in this PR.
• All new and existing tests pass.

✅ Pre-merge checklist

• Revert dependencies to default branches.
• Finalize version.

✅ Post-merge checklist

• Create a release.

[llwaterhouse]

I would like to save this PR for our December release. Please update the "commit into" branch from "main" to our next release branch. Thanks!

[aarz-snl]

Closing and will reopen with a PR to december release.