Add Checkton workflow

Checkton is a GitHub action that runs ShellCheck on scripts embedded in
YAML files (https://github.com/chmeliik/checkton)

Signed-off-by: Adam Cmiel <[email protected]>

.github/workflows/checkton.yaml

@@ -0,0 +1,33 @@
+name: Checkton
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          # Differential Checkton requires full git history
+          fetch-depth: 0
+
+      - name: Run Checkton
+        id: checkton
+        uses: chmeliik/[email protected]
+        with:
+          # Set to false when re-enabling SARIF uploads
+          fail-on-findings: true
+          find-copies-harder: true
+
+      # Currently, code scanning alerts annoyingly stay open even if you fix them.
+      # Don't upload SARIF until https://github.com/orgs/community/discussions/132787 is resolved.
+
+      # - name: Upload SARIF file
+      #   uses: github/codeql-action/upload-sarif@v3
+      #   with:
+      #     sarif_file: ${{ steps.checkton.outputs.sarif }}
+      #     # Avoid clashing with ShellCheck
+      #     category: checkton