What security checks should be included in a CI/CD pipeline for infrastructure as code such as Terraform or CloudFormation?