Description
Thank you very much for Zizmor, it is an incredible tool 🙏
Background
At my current place of work we are in the unfortunate position of using private repositories, but not paying for GitHub Advanced Security. This means we cannot use the advanced-security switch. We'd still like to surface the errors reported by Zizmor directly in PRs (instead of logs) though, so we've taken to using problem matchers to detect Zizmor errors/warnings and surface them in-code-view (we could also use --format=github, but that makes the logs themselves less helpful, since the normal output is no longer visible).
Example problem matcher file:
{
  "problemMatcher": [
    {
      "owner": "zizmor-error",
      "severity": "error",
      "pattern": [
        {
          "regexp": "^error\\[([\\w-]+)\\]: (.+)$",
          "code": 1,
          "message": 2
        },
        {
          "regexp": "^\\s+-->\\s+(.+):(\\d+):(\\d+)",
          "file": 1,
          "line": 2,
          "column": 3
        }
      ]
    },
    {
      "owner": "zizmor-warning",
      "severity": "warning",
      "pattern": [
        {
          "regexp": "^warning\\[([\\w-]+)\\]: (.+)$",
          "code": 1,
          "message": 2
        },
        {
          "regexp": "^\\s+-->\\s+(.+):(\\d+):(\\d+)",
          "file": 1,
          "line": 2,
          "column": 3
        }
      ]
    }
  ]
}
Unfortunately, colorized output breaks that, because ANSI escape codes are inserted in the output logs. Previously we have solved this by running Zizmor with --color=never or NO_COLOR=1, but neither of those solutions seems to work with this action.
Description
It'd be nice to support the --color parameter to Zizmor as an input to this action. That way we can disable the colorization, which in turn will let us use problem matchers to surface the Zizmor errors.