Integrate Scala projects with Snyk

[gu-dependency-graph-integrator]

What does this change?

This PR integrates your repository with Snyk, to track its dependencies, in line with our recommendations.

Why?

If a repository is in production, we need to track its third party dependencies for vulnerabilities. DevX have detected that your repo contains at least one language that is not supported by Dependabot. As a result, we have raised this PR on your behalf to add it to Snyk.

How has it been verified?

We have tested this action against a combination of TypeScript, Scala, Go, and Python repositories. If your repository contains other languages not included here, integration may not work the way you expect it to.

What do I need to do?

• Replace the SNYK_ORG variable with the org name that your team already uses (you should have other repos integrated with Snyk. If you can’t find any, reach out to DevX). Examples are guardian-devtools and guardian-dotcom-n2y
• The Snyk job should run automatically on every commit to this branch. Click through on the Snyk status check see the logs of the latest run on this PR, and verify it has generated one project per dependency manifest (except pnpm and deno). Examples of dependency manifests are a build.sbt, or a package-lock.json, essentially, any file that lists the dependencies of your project.
• When you are happy the action works, remove the branch name integrate-snyk-ec9f6ad94d9bace8trigger from the snyk.yml (aka delete line 6), approve, and merge.

[tjsilver]

Closing this PR and will shortly open one to implement the SBT submission workflow which will submit Scala dependencies to the Dependency Graph and enable vulnerabilities to be identified by Dependabot.