ci: change cve-scan workflow to use python 3.11

[terriko]

https://github.com/intel/cve-bin-tool/blob/775a8b3b2db4f3a7acd4633f769d4da71eec3899/.github/workflows/cve_scan.yml#L25C30-L25C30

We're getting errors from the cve-scan job that look suspiciously like the errors we saw when trying out python 3.12. I'd like to switch that workflow to use python 3.11 explicitly (or 3.10, or 3.9) so it's on something we know works.

This should be a one-line change (change 3.x in .github/workflows/cve_scan.yml to be 3.11) so I'm going to mark this as a good first issue and suitable for hacktoberfest folk who are still looking to get their last commits in.

Short tips for new contributors:

• cve-bin-tool's contributor docs
• If you've contributed to open source but not this project, you might just want our checklist for a great pull request
• cve-bin-tool uses https://www.conventionalcommits.org/ style for commit messages, and we have a test that checks the title of your pull request (PR). A good potential title for this one is in the title of this issue.
• You can make an issue auto close by including a comment "fixes #ISSUENUMBER" in your PR comments where ISSUENUMBER is the actual number of the issue. This "links" the issue to the pull request.

Claiming issues:

• You do not need to have an issue assigned to you before you work on it. To "claim" an issue either make a linked pull request or comment on the issue saying you'll be working on it.
• If someone else has already commented or opened a pull request, assume it is claimed and find another issue to work on.
• If it's been more than 1 week without progress, you can ask in a comment if the claimant is still working on it before claiming it yourself (give them at least 3 days to respond before assuming they have moved on).

[terriko]

We probably need to change the format checkers job to use an explicit version of python too:

https://github.com/intel/cve-bin-tool/blob/main/.github/workflows/formatting.yml

[CrypticRevenger]

@terriko can you please assign me, I want to work on it.

[terriko]

@CrypticRevenger have fun! If you get a chance, check and see if anything else in our workflows uses 3.x, but the cve-scan one is the most urgent one to get fixed.

[CrypticRevenger]

@terriko mam , Please review the PR. Thank you.