infra: add basic CI and security audit workflows

This introduces two workflows: one for basic CI (format and check) and
one for security audits. The security audit workflow probably isn't
going to catch anything, but it only runs when the cargo manifest
changes, so hopefully it doesn't slow things down too much. The CI
workflow is designed to run `cargo fmt` against the code and to run
`cargo check` with every combination of options. Right now, the
`unproven` feature must be enabled, which ends up requiring a nightly
compiler. As a result, the build matrix only runs two variants (one for
each of the two supported devices). Once builds can be done without the
`unproven` feature, `~` can be added to the `proven` dimension of the
matrix, which will then allow builds to run against both nightly and
stable.

Regarding the actual implementation, there are a few quirks in this
config.

The verbose `on` object is the result of pushes to pull requests
triggering the workflow twice - the workflow is triggerd by both the
`push` and `pull_request` events. By restricting these to the master
branch, it ensures that only pushes to the master branch or pull
requests to the master branch (but not pushes to pull request branches)
trigger.

The bizarre construction of the `run` step in the `check` job is needed
because GitHub isn't parsing the declaration correctly [1]. The
preferred syntax would be to make use of the folded chomping block
operator and to drop the shell linewraps. Something closer to this:

```yaml
steps:
  - run: >-
      cargo check
        --verbose
        --no-default-features
```

[1]: actions/runner#418

.github/workflows/ci.yaml

@@ -0,0 +1,52 @@
+name: CI
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  format:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          components: rustfmt
+          override: true
+      - uses: mbrobbel/rustfmt-check@master
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: nightly
+          target: thumbv7m-none-eabi
+          override: true
+      - run: |
+          cargo check \
+            --verbose \
+            --no-default-features \
+            --features="${{matrix.chip}} ${{matrix.proven}}" \
+            --target="${{matrix.target}}"
+    strategy:
+      fail-fast: false
+      matrix:
+        chip:
+          - chip-efm32gg
+          - chip-efr32xg1
+        proven:
+          - unproven
+        toolchain:
+          - stable
+          - nightly
+        target:
+          - thumbv7m-none-eabi
+        exclude:
+          - toolchain: stable
+            proven: unproven

.github/workflows/security.yaml

@@ -0,0 +1,17 @@
+name: Security Audit
+on:
+  push:
+    branches: [ master ]
+    paths: [ Cargo.toml ]
+  pull_request:
+    branches: [ master ]
+    paths: [ Cargo.toml ]
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}

README.md

@@ -1,3 +1,5 @@
+![CI Status](https://github.com/crawford/action-test/workflows/CI/badge.svg)
+
 `efm32gg-hal`
 -------------