This adds a new job to our GitHub Actions to use
`dependency-review-action`. From that project's description:

```
This action scans your pull requests for dependency changes
and will raise an error if any new dependencies have existing
vulnerabilities.
```

This should help us catch if there are any cases where we are adding a
dependency for something with a known CVE.
Signed-off-by: Sean McGinnis <smcginnis@vmware.com>