ci: run DevSkim analysis

DevSkim is security linter that highlights common security issues in source code.
https://github.com/microsoft/DevSkim-Action

.github/workflows/ci.yml

@@ -45,8 +45,8 @@ jobs:
           dotnet build --configuration Release --no-restore
           dotnet test --configuration Release --verbosity minimal --no-build
 
-  analyze:
-    name: code analysis
+  code-ql:
+    name: code-ql analysis
     runs-on: ubuntu-latest
     permissions:
       actions: read
@@ -80,3 +80,25 @@ jobs:
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v3
+
+  dev-skim:
+    name: dev skim analysis
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - name: Checkout Git repository
+        uses: actions/checkout@main
+
+      - name: Run DevSkim scanner
+        uses: microsoft/DevSkim-Action@main
+        with:
+          directory-to-scan: src
+          extra-options: '--console-verbosity Verbose --skip-git-ignored-files true'
+
+      - name: Upload DevSkim scan results to GitHub security
+        uses: github/codeql-action/upload-sarif@main
+        with:
+          sarif_file: devskim-results.sarif