ci: add workflow to block .env file in pull requests

Relates to #2

Author: sntntn

.github/workflows/check-env.yml

@@ -0,0 +1,24 @@
+name: Check for .env in PR
+
+on:
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  check-env:
+    name: Ensure .env file is not committed
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Check for .env file in PR
+        run: |
+          echo "Checking for .env files..."
+          if git diff --name-only origin/main...HEAD | grep -E '^(\.env|.*\/\.env)$'; then
+            echo "ERROR: .env file detected in pull request. Please remove it before merging."
+            exit 1
+          else
+            echo "No .env files found in PR."
+          fi