Closed fproulx-boostsecurity closed 9 months ago
Hmmm probably ok
Description of the LOTP tool
Grype is an SCA tool that can be configured with a config file.
Configuration files
https://github.com/anchore/grype#configuration
Looks like it might be possible to achieve some RCE by overriding a Docker image it uses? TBD?
This is still very speculative.