BitBoxSwiss / bitbox-wallet-app

The BitBoxApp for desktop and mobile.
https://bitbox.swiss/app
Apache License 2.0

feat: added trivy repository mode scan #2759

Closed baizon closed 1 month ago

baizon commented 1 month ago

Hi, I've added a Trivy action scanner (in repository mode) to scan for security vulnerabilities. The results would be sent to the Security tab (can be changed). I'm using it for all my repositories and recommend it. If you like the idea, you can ask me anything. An example run can be seen on my fork here. For more information see: https://github.com/aquasecurity/trivy-action?tab=readme-ov-file#usage
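For readers who want to see what "repository mode with results sent to the Security tab" looks like in practice, here is an added example workflow; it is not the file from this PR (which is not shown on the page), and the release tag, default branch name and severity filter are assumptions to adjust per repository.

```yaml
name: trivy-repo-scan
on:
  push:
    branches: [master]        # default branch name assumed
  pull_request:               # scan every PR so newly introduced vulnerable deps are flagged
  schedule:
    - cron: '0 6 * * 1'       # weekly rescan catches CVEs published for unchanged dependencies

permissions:
  contents: read
  security-events: write      # required to upload SARIF into the Security tab

jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Trivy filesystem (repository mode) scan
        uses: aquasecurity/trivy-action@0.28.0   # assumed release tag; pin to a tag or commit SHA
        with:
          scan-type: 'fs'             # repository/filesystem mode: lockfiles, manifests, IaC
          scan-ref: '.'
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'   # assumed threshold; widen if you want MEDIUM too
          ignore-unfixed: true        # drop findings with no upstream fix to cut noise
          exit-code: '1'              # fail the PR check when findings remain

      - name: Upload results to the Security tab
        if: always()                  # still upload when the scan step failed on findings
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: 'trivy-results.sarif'
```

Without `if: always()` on the upload step, a failing scan would skip the upload and the findings would never reach the Security tab.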

github-advanced-security[bot] commented 1 month ago

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

benma commented 1 month ago

Thanks. The results so far look identical to dependabot, plus a few false positives. I personally think one such tool is enough, so I slightly lean against adding this tool in addition to dependabot. Wdyt @Beerosagos @thisconnect?

Edit: on second thought, I guess it can't hurt to have more notifications, and trivy does not make PRs like dependabot... I am okay with merging this.

baizon commented 1 month ago

Another use case would be that, with every PR you get, you can see if a security vulnerability is introduced. I'm not sure if dependabot is checking the PR.

benma commented 1 month ago

Alright, let's give it a shot. Thanks.