CI: add image scanning

[zhzhuang-zju]

What type of PR is this?

/kind cleanup

What this PR does / why we need it:
Runs Trivy as GitHub action to scan Docker container image for vulnerabilities.

We talked about this task at Community Meeting 2023-01-17.

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:
Please see https://github.com/zhzhuang-zju/karmada/actions/runs/6530626808/job/17730271059 for more specific effects.

Does this PR introduce a user-facing change?:

Security: Introduce `trivy` for image security scanning.

[karmada-bot]

Welcome @zhzhuang-zju! It looks like this is your first PR to karmada-io/karmada 🎉

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[codecov-commenter]

Codecov Report

All modified lines are covered by tests ✅

Comparison is base (70e2e1c) 53.48% compared to head (6381c87) 53.46%.
Report is 10 commits behind head on master.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #4123      +/-   ##
==========================================
- Coverage   53.48%   53.46%   -0.02%     
==========================================
  Files         234      234              
  Lines       23279    23279              
==========================================
- Hits        12451    12447       -4     
- Misses      10147    10150       +3     
- Partials      681      682       +1     

Flag	Coverage Δ
unittests	53.46% <ø> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 2 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[zhzhuang-zju]

This pr add image-scanning CI，providing the ability to scan the master branch image during push.

When the code is merged into the master branch, the image scan is started.

CI fails when vulnerabilities are detected. You can view the scan results of a single image in each job.

[RainbowMango]

/lgtm
/approve

[karmada-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: RainbowMango

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [RainbowMango]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment