ci: run the fuzz target on PRs

using https://google.github.io/oss-fuzz/getting-started/continuous-integration/

It downloads the corpus OSS-Fuzz has accumulated so far (including the
test cases that triggered issues in the past) and runs the fuzz target
with it. It should help to catch most regressions when PRs are opened.

Prompted by #4373.

Author: evverx

.github/workflows/cifuzz.yml

@@ -0,0 +1,39 @@
+name: CIFuzz
+
+on:
+  pull_request:
+    branches: [master]
+
+permissions:
+  contents: read
+
+jobs:
+  Fuzzing:
+    runs-on: ubuntu-latest
+    if: github.repository == 'secdev/scapy'
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}
+      cancel-in-progress: true
+
+    steps:
+      - name: Build Fuzzers
+        id: build
+        uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+        with:
+          oss-fuzz-project-name: 'scapy'
+          language: python
+          dry-run: false
+          allowed-broken-targets-percentage: 0
+      - name: Run Fuzzers
+        uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+        with:
+          oss-fuzz-project-name: 'scapy'
+          language: python
+          dry-run: false
+          fuzz-seconds: 300
+      - name: Upload Crash
+        uses: actions/upload-artifact@v4
+        if: failure() && steps.build.outcome == 'success'
+        with:
+          name: artifacts
+          path: ./out/artifacts