.github: add monthly workflow update-metadata-glsa

Add a new monthly workflow update-metadata-glsa, to sync GLSA(Gentoo
Linux Security Advisories) with upstream Gentoo.

While most individual metadata xml files are available on the upstream
mirror repo https://github.com/gentoo-mirror/gentoo, its binary data
as well as timestamp files do not exist on the public Git repo. So it
is necessary to rsync those data from rsync.gentoo.org, instead of
running sync-with-gentoo script.

sdk_container/src/third_party/portage-stable/.github/workflows/update-metadata-glsa.yml

@@ -0,0 +1,32 @@
+name: Keep GLSA metadata updated
+on:
+  schedule:
+    - cron:  '0 7 1 * *'
+  workflow_dispatch:
+
+jobs:
+  keep-glsa-metadata-updated:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout portage-stable
+        uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Update GLSA metadata
+        id: update-glsa-metadata
+        run: |
+          rm -rf metadata/glsa
+          mkdir --parents metadata/glsa
+          rsync --archive rsync://rsync.gentoo.org/gentoo-portage/metadata/glsa/* ./metadata/glsa/
+          todaydate=$(date +%Y-%m-%d)
+          echo "TODAYDATE=${todaydate}" >>"${GITHUB_OUTPUT}"
+      - name: Create pull request for main branch
+        uses: peter-evans/create-pull-request@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          branch: buildbot/monthly-glsa-metadata-updates-${{steps.update-glsa-metadata.outputs.TODAYDATE }}
+          delete-branch: true
+          base: main
+          title: Monthly GLSA metadata ${{steps.update-glsa-metadata.outputs.TODAYDATE }}
+          body: Updated GLSA metadata
+          labels: main