chore: add semgrep linting (#12524)

.github/workflows/semgrep.yml

@@ -0,0 +1,13 @@
+name: Semgrep
+
+on:
+  pull_request: {}
+
+jobs:
+  semgrep:
+    name: Frappe Linter
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: returntocorp/semgrep-action@v1
+

.semgrep.yml

@@ -0,0 +1,29 @@
+#Reference: https://semgrep.dev/docs/writing-rules/rule-syntax/
+
+rules:
+- id: eval
+  patterns:
+  - pattern-not: eval("...")
+  - pattern: eval(...)
+  message: |
+    Detected the use of eval(). eval() can be dangerous if used to evaluate
+    dynamic content. Avoid it or use safe_eval().
+  languages:
+  - python
+  severity: ERROR
+
+# translations
+- id: frappe-translation-syntax-python
+  pattern-either:
+  - pattern: _(f"...")  # f-strings not allowed
+  - pattern: _("..." + "...")  # concatenation not allowed
+  - pattern: _("")  # empty string is meaningless
+  - pattern: _("..." % ...)  # Only positional formatters are allowed.
+  - pattern: _("...".format(...))  # format should not be used before translating
+  - pattern: _("...") + ... + _("...")  # don't split strings
+  message: |
+    Incorrect use of translation function detected.
+    Please refer: https://frappeframework.com/docs/user/en/translations
+  languages:
+  - python
+  severity: ERROR