Add check-spelling

Author: jsoref

.github/actions/spelling/README.md

@@ -0,0 +1,15 @@
+# check-spelling/check-spelling configuration
+
+File | Purpose | Format | Info
+-|-|-|-
+[dictionary.txt](dictionary.txt) | Replacement dictionary (creating this file will override the default dictionary) | one word per line | [dictionary](https://github.com/check-spelling/check-spelling/wiki/Configuration#dictionary)
+[allow.txt](allow.txt) | Add words to the dictionary | one word per line (only letters and `'`s allowed) | [allow](https://github.com/check-spelling/check-spelling/wiki/Configuration#allow)
+[reject.txt](reject.txt) | Remove words from the dictionary (after allow) | grep pattern matching whole dictionary words | [reject](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-reject)
+[excludes.txt](excludes.txt) | Files to ignore entirely | perl regular expression | [excludes](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-excludes)
+[only.txt](only.txt) | Only check matching files (applied after excludes) | perl regular expression | [only](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-only)
+[patterns.txt](patterns.txt) | Patterns to ignore from checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns)
+[expect.txt](expect.txt) | Expected words that aren't in the dictionary | one word per line (sorted, alphabetically) | [expect](https://github.com/check-spelling/check-spelling/wiki/Configuration#expect)
+[advice.md](advice.md) | Supplement for GitHub comment when unrecognized words are found | GitHub Markdown | [advice](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice)
+
+Note: you can replace any of these files with a directory by the same name (minus the suffix)
+and then include multiple files inside that directory (with that suffix) to merge multiple files together.

.github/actions/spelling/advice.md

@@ -0,0 +1,27 @@
+<!-- See https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice --> <!-- markdownlint-disable MD033 MD041 -->
+<details><summary>If you see a bunch of garbage</summary>
+
+If it relates to a ...
+<details><summary>well-formed pattern</summary>
+
+See if there's a [pattern](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-patterns) that would match it.
+
+If not, try writing one and adding it to the `patterns.txt` file.
+
+Patterns are Perl 5 Regular Expressions - you can [test](
+https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your lines.
+
+Note that patterns can't match multiline strings.
+</details>
+<details><summary>binary-ish string</summary>
+
+Please add a file path to the `excludes.txt` file instead of just accepting the garbage.
+
+File paths are Perl 5 Regular Expressions - you can [test](
+https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your files.
+
+`^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude [README.md](
+../tree/HEAD/README.md) (on whichever branch you're using).
+</details>
+
+</details>

.github/actions/spelling/allow.txt

@@ -0,0 +1,64 @@
+# See https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-excludes
+(?:^|/)(?i)COPYRIGHT
+(?:^|/)(?i)LICEN[CS]E
+(?:^|/)package(?:-lock|)\.json$
+(?:^|/)vendor/
+ignore$
+\.avi$
+\.exe$
+\.ico$
+\.jpe?g$
+\.lock$
+\.map$
+\.min\..
+\.mod$
+\.mp[34]$
+\.pdf$
+\.png$
+\.wav$
+^attack/disclosure-directory/
+^attack/disclosure-localpaths/
+^attack/email/
+^attack/file-upload/malicious-images/
+^attack/html_js_fuzz/
+^attack/ip/
+^attack/json/
+^attack/unicode/
+^attack/xml/
+^discovery/dns/
+^discovery/predictable-filepaths/
+^discovery/UserAgent/
+^docs/misc/htmlcodes-cheatsheet\.htm$
+^wordlist
+^\.github/
+^\Qattack/file-upload/alt-extensions-asp.txt\E$
+^\Qattack/file-upload/alt-extensions-coldfusion.txt\E$
+^\Qattack/file-upload/alt-extensions-jsp.txt\E$
+^\Qattack/file-upload/alt-extensions-php.txt\E$
+^\Qattack/file-upload/file-ul-filter-bypass-microsoft-asp.txt\E$
+^\Qattack/file-upload/file-ul-filter-bypass-ms-php.txt\E$
+^\Qattack/file-upload/file-ul-filter-bypass-x-platform-php.txt\E$
+^\Qattack/html_js_fuzz/html_attributes.txt\E$
+^\Qattack/html_js_fuzz/javascript_events.txt\E$
+^\Qattack/http-protocol/crlf-injection.txt\E$
+^\Qattack/http-protocol/known-uri-types.txt\E$
+^\Qattack/integer-overflow/integer-overflows.txt\E$
+^\Qattack/lfi/JHADDIX_LFI.txt\E$
+^\Qattack/mimetypes/MimeTypes.txt\E$
+^\Qattack/os-cmd-execution/Commands-Linux.txt\E$
+^\Qattack/os-cmd-execution/Commands-Windows.txt\E$
+^\Qattack/path-traversal/path-traversal-windows.txt\E$
+^\Qattack/path-traversal/traversals-8-deep-exotic-encoding.txt\E$
+^\Qattack/rfi/rfi.txt\E$
+^\Qattack/unicode/upsidedown.txt\E$
+^\Qattack/xss/html-event-attributes.txt\E$
+^\Qattack/xss/test.xxe\E$
+^\Qattack/xss/xss-other.txt\E$
+^\Qdiscovery/dns/alexaTop1mAXFRcommonSubdomains.txt\E$
+^\Qdiscovery/URI_SCHEMES/IANA_registerd_URI_schemes.txt\E$
+^\Qdiscovery/UserAgent/UserAgents.txt\E$
+^\Qregex/breakpoint-ignores.txt\E$
+^\Qregex/pii.readme.txt\E$
+^\Qregex/pii.txt\E$
+^\Qregex/sessionid.txt\E$
+^\Qweb-backdoors/sh/cmd.sh\E$