chore(ci): remove vulnerability-scan, add security-slack-notify #302

Merged: PMerlet merged 2 commits into main from chore/remove-security-workflows, May 13, 2026

@PMerlet PMerlet commented May 12, 2026

Summary

  • Removes `vulnerability-scan.yml` (weekly Trivy scan + Slack post). Security vulnerabilities are now handled by a Claude routine running weekly.
  • Adds `security-slack-notify.yml` — thin caller workflow that posts to #tech_all when a PR is labeled `:lock: security`. Mirrors what is already in place on forestadmin-server.

Test plan

  • End-to-end Slack notification flow verified in forestadmin-server (test PR closed)
  • After merge, label a PR with `:lock: security` to confirm the workflow fires in this repo too

Note: needs the org-level `SLACK_BOT_TOKEN` secret to be accessible by this repo, and the corresponding Slack bot to be a member of #tech_all.

🤖 Generated with Claude Code

Note

Replace vulnerability-scan workflow with security PR Slack notification workflow

  • Removes vulnerability-scan.yml, which ran a weekly scheduled scan every Friday and supported manual dispatch.
  • Adds security-slack-notify.yml, a workflow that triggers when a PR is labeled :lock: security and posts a Slack notification via a reusable notify-slack-security-pr workflow with PR metadata and repository name.
  • Risk: the weekly vulnerability scan will no longer run automatically or send its associated notifications.

Macroscope summarized 93202d0.

PMerlet and others added 2 commits May 12, 2026 15:51

Security vulnerability fixes are now handled by a Claude routine on a
weekly basis.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Thin caller — delegates to forestadmin/.github reusable workflow.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

@PMerlet PMerlet merged commit 458d37f into main May 13, 2026
68 of 69 checks passed

@PMerlet PMerlet deleted the chore/remove-security-workflows branch May 13, 2026 12:00

@forest-bot

🎉 This PR is included in version 1.29.2 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
