Add ZAP baseline scan to CI

Dynamically scan AtoM for OWASP top ten issues. Limit reporting to WARN
and above.

.github/workflows/zap-baseline.yml

@@ -0,0 +1,51 @@
+name: DAST Scan
+
+on:
+  pull_request:
+  push:
+    branches:
+    - qa/**
+    - stable/**
+    - dev/owasp-zap-ci
+
+jobs:
+  dynamic-analysis:
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+    name: ZAP Baseline Test
+    env:
+      COMPOSE_FILE: ${{ github.workspace }}/docker/docker-compose.dev.yml
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v4
+
+    - name: Create Docker Network
+      run: |
+        docker network create zap_network
+
+    - name: Build and Run AtoM Docker Containers
+      run: |
+        docker compose up -d
+        docker network connect zap_network $(docker compose ps -q atom)
+
+    - name: Run Setup Commands in AtoM Container
+      run: |
+        docker exec $(docker compose ps -q atom) /bin/sh -c "npm install -g 'less@<4.0.0' && make -C plugins/arDominionPlugin && make -C plugins/arArchivesCanadaPlugin && npm run build"
+
+    - name: Run tools:purge in AtoM Container
+      run: |
+        docker exec $(docker compose ps -q atom) php -d memory_limit=-1 symfony tools:purge --demo
+
+    - name: OWASP ZAP baseline scan
+      uses: zaproxy/action-baseline@v0.14.0
+      with:
+        target: 'http://localhost:63001'
+        docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
+        allow_issue_writing: false
+        cmd_options: '-a -r zap_report.html -l WARN'
+
+    - name: Clean Up Docker Containers
+      run: |
+        docker compose down
+        docker network rm zap_network