feat: Add SBOM generation and vulnerability scanning in workflows

[popey]

Description

Adds a step to the release which generates a Software Bill of Materials (SBOM) as an asset in the release. The SBOM can be used by external tools to validate the container contents.

Documentation at: https://github.com/marketplace/actions/anchore-sbom-action

It also adds a second workflow, which periodically does a vulnerability scan of the container. The output of the scan is presented in the log. It's currently configured to 'fail' on medium-or-above vulnerabilities.

Documentation at: https://github.com/marketplace/actions/anchore-container-scan

• [X] New feature (non-breaking change which adds functionality)

Checklist:

• [X] I have performed a self-review of my code
• [X] I have tested my code in common scenarios and confirmed there are no regressions

[popey]

A result from scan-action in my repo can be found here: https://github.com/popey/stream-sprout/actions/runs/10159613955