Github: Run PHPStan as action on every push

This should prevent regressions in code flaws detected by PHPStan. Also,
PHPStan complains when the baseline is not advanced after fixing a flaw.
This should prevent a flaw from reappearing later on.

.github/workflows/phpstan.yaml

@@ -0,0 +1,39 @@
+name: PHPStan Static Analyzer
+on: [push]
+jobs:
+  run-phpstan:
+    name: Run PHPStan
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Setup PHP
+      uses: shivammathur/setup-php@v2
+      with:
+        php-version: '8.3'
+        extensions: json, xdebug
+        tools: composer:v2
+
+    - name: Check out code
+      uses: actions/checkout@v2
+
+    - name: Get Composer cache directory
+      id: composer-cache
+      run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+
+    - name: Connect downloaded dependencies with a cache in GitHub
+      uses: actions/cache@v3
+      with:
+        path: ${{ steps.composer-cache.outputs.dir }}
+        # Note: Normally, we'd use the composer.lock to generate a hash,
+        # but the lock file is currently not versioned.
+        key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+        restore-keys: ${{ runner.os }}-composer-
+
+    - name: Install dependencies
+      run: composer install --prefer-dist
+
+    - name: Audit dependencies
+      run: composer audit
+
+    - name: Run PHPStan
+      run: vendor/bin/phpstan analyse