feat(ci): add trivy scan

[fengshunli]

Note on DCO:

If the DCO action in the integration test fails, one or more of your commits are not signed off. Please click on the Details link next to the DCO action for instructions on how to resolve this.

Checklist:

• Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
• The title of the PR states what changed and the related issues number (used for the release note).
• The title of the PR conforms to the Toolchain Guide
• I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
• I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
• Does this PR require documentation updates?
• I've updated documentation as required by this PR.
• Optional. My organization is added to USERS.md.
• I have signed off all my commits as required by DCO
• I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
• My build is green (troubleshooting builds).
• My new feature complies with the feature status guidelines.
• I have added a brief description of why this PR is necessary and/or what this PR solves.

Please see Contribution FAQs if you have questions about your pull-request.

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[codecov]

Codecov Report

Patch coverage has no change and project coverage change: +0.03 🎉

Comparison is base (faaa302) 49.72% compared to head (3165b56) 49.75%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #14456      +/-   ##
==========================================
+ Coverage   49.72%   49.75%   +0.03%     
==========================================
  Files         261      261              
  Lines       44707    44754      +47     
==========================================
+ Hits        22230    22268      +38     
- Misses      20289    20295       +6     
- Partials     2188     2191       +3     

see 11 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[todaywasawesome]

I don't see a problem with doing this but we also already have a number of security scans. What's the additional benefit of adding another one? Do they use different databases?

[fengshunli]

I don't see a problem with doing this but we also already have a number of security scans. What's the additional benefit of adding another one? Do they use different databases?

yes