crc-org / vfkit

Apache License 2.0

ghactions: Trigger snyk on 'pull-request', rather than 'push' #86

Closed cfergeau closed 7 months ago

cfergeau commented 7 months ago

This should fix this error on PRs from dependabot:

```
Error: Workflows triggered by Dependabot on the "push" event run with
read-only access. Uploading Code Scanning results requires write access.
To use Code Scanning with Dependabot, please ensure you are using the
"pull_request" event for this workflow and avoid triggering on the
"push" event for Dependabot branches. See
https://docs.github.com/en/code-security/secure-coding/configuring-code-scanning#scanning-on-push
for more information on how to configure these events.
```

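
A workflow shaped the way the error message above asks for, as an added example that is not this PR's change or the project's own workflow file. The workflow and job names, the Snyk action, the action versions and the SARIF file name are assumptions.

```yaml
# Constructed example workflow; names and action versions are assumptions.
name: snyk

# Before: every push ran the scan, including pushes to Dependabot branches,
# where the token is read-only and the code scanning upload is rejected.
# on: [push]

# After: "push" only for the main branch, "pull_request" for proposed changes.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege: grant only what checkout and the upload step need.
permissions:
  contents: read
  security-events: write

jobs:
  snyk:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Snyk and write SARIF
        uses: snyk/actions/golang@master
        continue-on-error: true   # findings must not skip the upload step
        env:
          # Runs triggered by Dependabot only see Dependabot secrets, so the
          # token has to be stored there as well as in Actions secrets.
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --sarif-file-output=snyk.sarif
      - name: Upload results to code scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: snyk.sarif
```
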
openshift-ci[bot] commented 7 months ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

Once this PR has been reviewed and has the lgtm label, please ask for approval from cfergeau. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

- **[OWNERS](https://github.com/crc-org/vfkit/blob/main/OWNERS)**

Approvers can indicate their approval by writing `/approve` in a comment

Approvers can cancel approval by writing `/approve cancel` in a comment

cfergeau commented 7 months ago

closed/reopened to check that the code scanning workflow is triggered as expected.

cfergeau commented 7 months ago

Can't get a valid token for snyk, I'll just disable this for now.