@jakob-keller
Collaborator

@jakob-keller jakob-keller commented Apr 25, 2025

Description of Change

Add zizmor pre-commit hook

Assumptions

None

Checklist for All Submissions

  • I have added change info to CHANGES.rst
  • If this is resolving an issue (needed so future developers can determine if change is still necessary and under what conditions) (can be provided via link to issue with these details): closes Add zizmor GitHub workflow #1334
    • Detailed description of issue
    • Alternative methods considered (if any)
    • How issue is being resolved
    • How issue can be reproduced
  • If this is providing a new feature (can be provided via link to issue with these details):
    • Detailed description of new feature
    • Why needed
    • Alternative methods considered (if any)

Checklist when updating botocore and/or aiohttp versions

@webknjaz
Member

I'm not sure if a pre-commit hook is needed (not until all the fixes are applied at least, so that there's no easy way for a malicious actor to see them).

But I'd like to point out that it's a good idea to integrate https://woodruffw.github.io/zizmor/usage/#with-advanced-security-recommended in a way that it'd show security alerts via https://github.com/aio-libs/aiobotocore/security/code-scanning, viewable by the maintainers but not arbitrary accounts.

@jakob-keller jakob-keller deleted the zizmor branch April 25, 2025 18:29