Workflows to verify GitHub actions provided by the PTB

[ArBridgeman]

Summary

We already verify the python-environment action, but we should also test security-issues and in general make it a habit to test our actions (e.g. upcoming uv one).

This might be more of a parent issue, & the items better suited in sub-issues.

To Dos

verify-poetry-installation

• Move verify-poetry-installation into its own workflow
• Call the new workflow for verify-poetry-installation in merge-gate
  • Add it after slow-checks
  • Set it to have needs: [ run-slow-tests ]
  • Add it to needs: [ fast-checks, slow-checks ] so that it is required for the merge-gate

security-issues

This could be thought of a bit more.

Option 1

• Create a workflow to set roughly security-issues
  • Build the python package in one job & upload it as an artifact
  • In another job download the artifact, install it similar to in security-issues & execute the commands but with --help appended:
    • tbx security --help
    • tbx security cve --help

PTB templated workflows

• Run poetry run -- tbx workflows update
• Check output & resolve differences. As we have the verify-poetry-installation workflow, we do NOT need to replace exasol/python-toolbox/.github/actions/python-environment@vx
  with ./.github/actions/python-environment as we usually do. 🥳