ci: replace common-workflows reusable workflow with gh-actions composite actions

[kinyoklion]

Summary

Replaces the launchdarkly/common-workflows/.github/workflows/dependency-scan.yml@main reusable workflow with the composite actions from launchdarkly/gh-actions/actions/dependency-scan/. The new workflow uses two explicit jobs (generate-nodejs-sbom → evaluate-policy), matching the pattern already adopted by other SDK repos (e.g., js-client-sdk, js-core, openfeature-node-server).

A similar change is being made in launchdarkly/react-client-sdk.

Review & Testing Checklist for Human

• Verify the Dependency Scan workflow passes on this PR (both generate-nodejs-sbom and evaluate-policy jobs)
• Confirm the workflow structure matches other already-migrated SDK repos

Notes

• The common-workflows repo appears to no longer be accessible (returns 404), so the previous workflow reference may already be broken.
• The actions/checkout SHA (08eba0b2...) is pinned to v4, consistent with other SDK repos using these actions.

Link to Devin session: https://app.devin.ai/sessions/2783d2578c67461aa0af3b814ea886b2
Requested by: @kinyoklion

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring