Summary
Create a reusable first-party GitHub Action so other repositories can adopt CVE Lite CLI with a simple uses: line in their workflow YAML instead of manually wiring CLI installation and invocation.
Why
This repository already uses CVE Lite CLI in its own self-scan.yml workflow, which proves the CLI works well in GitHub Actions. However, that workflow is only an internal example for this repository. It is not yet a reusable Action that other teams can adopt directly.
A first-party GitHub Action would reduce setup friction, improve discoverability, and make CI adoption much easier.
Goal
Allow users to integrate CVE Lite CLI into GitHub Actions with a simple pattern such as:
  - uses: sonukapoor/cve-lite-cli@v1
    with:
      fail-on: high
or, if implemented as a dedicated action repository later:
  - uses: sonukapoor/cve-lite-cli-action@v1
    with:
      fail-on: high
Initial Scope
Phase 1 should focus on a simple reusable Action that:
- runs CVE Lite CLI against the checked-out repository
- supports key inputs such as path, fail-on, verbose, and output options
- optionally supports offline/local advisory DB workflows
- fails the workflow when the configured severity threshold is met
- provides copy-pasteable usage examples in the README
Suggested Inputs
path
fail-on
verbose
json
sarif
offline
offline-db
sync-advisories
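As an added illustration of what the Phase 1 composite Action and the suggested inputs could look like wired together (this is not the project's action.yml, which does not exist yet): the input names are the ones listed above, but the binary name cve-lite, the CLI flag names (--path, --fail-on, --verbose, --json, --sarif, --offline, --offline-db, --sync-advisories), the installation step and the exit-code contract are assumptions. Inputs are passed to the run step through env rather than interpolated with ${{ }} inside the script, so an untrusted input value cannot inject shell syntax.

```yaml
# action.yml for a composite Action wrapping CVE Lite CLI.
# Added example, not the project's own code. Input names come from the issue;
# the 'cve-lite' binary name, flag names and install step are ASSUMED.
name: 'CVE Lite CLI Scan'
description: 'Scan the checked-out repository with CVE Lite CLI and fail on a severity threshold'
inputs:
  path:
    description: 'Directory to scan, relative to the workspace'
    default: '.'
  fail-on:
    description: 'Lowest severity that fails the job (assumed values: low, medium, high, critical)'
    default: 'high'
  verbose:
    description: 'Enable verbose CLI output'
    default: 'false'
  json:
    description: 'Write a JSON report to this path (empty to skip)'
    default: ''
  sarif:
    description: 'Write a SARIF report to this path (empty to skip)'
    default: ''
  offline:
    description: 'Do not fetch advisories; use the local advisory database instead'
    default: 'false'
  offline-db:
    description: 'Path to the local advisory database used when offline is true'
    default: ''
  sync-advisories:
    description: 'Refresh the advisory database before scanning'
    default: 'true'
runs:
  using: 'composite'
  steps:
    - name: Install CVE Lite CLI
      shell: bash
      run: |
        # ASSUMED: placeholder install step; the project documents the real one.
        echo "TODO: install cve-lite here (placeholder)"

    - name: Run CVE Lite CLI scan
      shell: bash
      # Inputs are exposed as env vars so the script never interpolates ${{ }} text.
      env:
        IN_PATH: ${{ inputs.path }}
        IN_FAIL_ON: ${{ inputs.fail-on }}
        IN_VERBOSE: ${{ inputs.verbose }}
        IN_JSON: ${{ inputs.json }}
        IN_SARIF: ${{ inputs.sarif }}
        IN_OFFLINE: ${{ inputs.offline }}
        IN_OFFLINE_DB: ${{ inputs.offline-db }}
        IN_SYNC: ${{ inputs.sync-advisories }}
      run: |
        set -euo pipefail
        # Build the argument list from inputs; flag names are ASSUMED.
        args=(--path "$IN_PATH" --fail-on "$IN_FAIL_ON")
        if [ "$IN_VERBOSE" = "true" ]; then args+=(--verbose); fi
        if [ -n "$IN_JSON" ]; then args+=(--json "$IN_JSON"); fi
        if [ -n "$IN_SARIF" ]; then args+=(--sarif "$IN_SARIF"); fi
        if [ "$IN_OFFLINE" = "true" ]; then
          args+=(--offline)
          if [ -n "$IN_OFFLINE_DB" ]; then args+=(--offline-db "$IN_OFFLINE_DB"); fi
        elif [ "$IN_SYNC" = "true" ]; then
          args+=(--sync-advisories)
        fi
        # ASSUMED contract: the CLI exits non-zero when a finding at or above
        # fail-on is present, which is what fails the workflow step.
        cve-lite "${args[@]}"
```

A consuming workflow would check out the repository, call this Action with `fail-on: high` and `sarif: results.sarif`, and then upload the SARIF file with the `github/codeql-action/upload-sarif` action so findings appear in the repository's code scanning view; the offline branch exists so self-hosted runners without egress can point `offline-db` at an advisory database synced elsewhere.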
Notes
This issue is specifically about a reusable integration surface for other repositories.
It is separate from this repository's own self-scan.yml, which should remain as an example of internal CI usage.
Expected Outcome
- easier CI adoption for outside users
- lower integration friction
- stronger developer workflow story for the project
- better discoverability through a first-party GitHub Action