laminas / laminas-ci-matrix-action

GitHub Action for creating a CI job matrix.
BSD 3-Clause "New" or "Revised" License

Consider composer validation commands #125

Open internalsystemerror opened 2 years ago

internalsystemerror commented 2 years ago

Feature Request

| Q           | A             |
|-------------|---------------|
| New Feature | yes           |
| RFC         | yes           |
| BC Break    | yes/no maybe? |

Summary

  1. Run composer validate to confirm that there are no issues with the composer.json file.
  2. Run composer check-platform-reqs, at least where --ignore-platform-reqs is not used, in order to confirm that the installed packages should function correctly.
  3. Run composer audit to get a list of the vulnerable packages (if any), as the warning on install just lists the number of vulnerable packages, not what they are: https://github.com/laminas/laminas-cli/runs/8005445567?check_suite_focus=true#step:3:315

Ocramius commented 2 years ago

Prior to running composer install

I really want this sort of stuff in independent jobs, not in "before" or "after" scripts.

Having to jump in a failed PHPUnit job because something completely unrelated failed is no fun :D

internalsystemerror commented 2 years ago

Good idea, I should probably transfer this to the matrix action repository.

internalsystemerror commented 2 years ago

Hmmm... My original thoughts for adding this to the integration action are because if composer install fails, I'm not sure it will then proceed to composer validate in order to get more information as to why it failed. But the information given is an assumption; I intend to do some testing to see what benefits composer validate could bring us over a simple install.

As it relates to the composer check-platform-reqs command, having this as a separate job would mean that a new job would need to be created for each option in the matrix (7.4-lowest, 7.4-latest, 7.4-locked, 8.0-lowest, 8.0-latest, 8.1-lowest, 8.1-latest).

internalsystemerror commented 2 years ago

Also adding composer audit for consideration (issue description updated)
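
Item 3 of the summary asks for the names of the vulnerable packages rather than a count. As an added example (not code from this repository or its maintainers), the JavaScript below flattens a report in the shape `composer audit --format=json` is assumed to produce and emits one GitHub Actions error annotation per advisory. The sample report and the `listAdvisories` and `toAnnotations` helpers are constructed for illustration.

```javascript
// Constructed sample in the shape `composer audit --format=json` is assumed to
// print. Package names, IDs and links are placeholders, not real advisories.
const SAMPLE_AUDIT_JSON = JSON.stringify({
  advisories: {
    "acme/templating": [
      { advisoryId: "PKSA-0000-0003", packageName: "acme/templating", cve: "CVE-0000-00003",
        affectedVersions: "<1.4.2", title: "Sandbox bypass (constructed)",
        link: "https://example.invalid/advisories/3" },
    ],
    "acme/http-client": [
      { advisoryId: "PKSA-0000-0001", packageName: "acme/http-client", cve: "CVE-0000-00001",
        affectedVersions: ">=2.0,<2.3.1", title: "Header injection (constructed)",
        link: "https://example.invalid/advisories/1" },
      { advisoryId: "PKSA-0000-0002", packageName: "acme/http-client", cve: null,
        affectedVersions: "<2.1.0", title: "Redirect handling (constructed)",
        link: "https://example.invalid/advisories/2" },
    ],
  },
});

// Flatten the report into one row per advisory, sorted by package then ID.
function listAdvisories(auditJson) {
  const report = JSON.parse(auditJson);
  const rows = [];
  // A clean report may carry an empty array here instead of an object.
  for (const [pkg, entries] of Object.entries(report.advisories || {})) {
    // Accept either a list or an index-keyed object per package.
    for (const a of Object.values(entries || {})) {
      rows.push({
        package: a.packageName || pkg,
        id: a.cve || a.advisoryId || "unknown",
        affected: a.affectedVersions || "unknown",
        title: a.title || "",
        link: a.link || "",
      });
    }
  }
  const key = (r) => `${r.package} ${r.id}`;
  return rows.sort((x, y) => (key(x) < key(y) ? -1 : key(x) > key(y) ? 1 : 0));
}

// Advisory text is third-party input: escape it the way GitHub workflow
// commands require so a title cannot smuggle in a second command.
const escData = (s) => String(s).replace(/%/g, "%25").replace(/\r/g, "%0D").replace(/\n/g, "%0A");
const escProp = (s) => escData(s).replace(/:/g, "%3A").replace(/,/g, "%2C");

// One GitHub Actions error annotation per advisory.
function toAnnotations(rows) {
  return rows.map((r) => `::error title=${escProp(`${r.package} ${r.id}`)}::` +
    escData(`${r.title} (affected: ${r.affected}) ${r.link}`.trim()));
}

for (const line of toAnnotations(listAdvisories(SAMPLE_AUDIT_JSON))) console.log(line);
```

A job that calls this would fail itself when `listAdvisories` returns any rows, so the finding shows up under its own job name.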