Add Trivy vulnerability scans to all docker-released repos

[applejag]

Best case:

1. Once a day, a GitHub Action builds the docker image and scans it
2. If there are vulnerabilities, an issue is created with the label security

• How to handle if issue already exists? Create yet another one? Update the existing one? Do nothing while such a vulnerability scan issue already exists?

The issues should contain description of how to build and scan the docker image yourself locally. Such as:

$ docker build . -t wharf-web

$ docker save wharf-web -o image.tar

$ trivy image --input image.tar

There are some alternatives available, just searching the internet for "trivy github action" yields lots of good alternatives.

Suggest to add this to one repo, and once that is reviewed and merged, first then start applying it to the rest of the repos.

Repos that need this:

• Need scheduled Trivy scans wharf-web#83
• Need scheduled Trivy scans wharf-api#104
• Need scheduled Trivy scans wharf-provider-github#38
• Need scheduled Trivy scans wharf-provider-gitlab#33
• Need scheduled Trivy scans wharf-provider-azuredevops#42

In the future we can translate this to a Wharf build, but as Wharf lacks this kind of integration right now we should start the work using GitHub Actions.

[applejag]

This is done.