chore(ci): update zizmor and use zizmor-action in workflow

Makefile

@@ -31,6 +31,7 @@ WASM_BINDGEN_VERSION:=$(shell cargo tree --target wasm32-unknown-unknown -e all
 WEB_RUNNER_DIR=web-test-runner
 WEB_SERVER_DIR=tfhe/web_wasm_parallel_tests
 TYPOS_VERSION=1.39.0
+ZIZMOR_VERSION=1.16.2
 # This is done to avoid forgetting it, we still precise the RUSTFLAGS in the commands to be able to
 # copy paste the command in the terminal and change them if required without forgetting the flags
 export RUSTFLAGS?=-C target-cpu=native
@@ -188,9 +189,12 @@ install_typos_checker: install_rs_build_toolchain
 
 .PHONY: install_zizmor # Install zizmor workflow security checker
 install_zizmor: install_rs_build_toolchain
-	@zizmor --version > /dev/null 2>&1 || \
-	cargo $(CARGO_RS_BUILD_TOOLCHAIN) install --locked zizmor --version ~1.9 || \
-	( echo "Unable to install zizmor, unknown error." && exit 1 )
+	@./scripts/install_zizmor.sh --rust-toolchain $(CARGO_RS_BUILD_TOOLCHAIN) \
+	--zizmor-version $(ZIZMOR_VERSION)
+
+.PHONY: zizmor_version  # Return zizmor version that will be installed
+zizmor_version:
+	@echo "$(ZIZMOR_VERSION)"
 
 .PHONY: install_cargo_cross # Install cross for big endian tests
 install_cargo_cross: install_rs_build_toolchain