add security scanners for containers

[tomkralidis]

Add trivy via GitHub Actions in order to scan containers for vulnerabilities.

[maaikelimper]

I ran trivy on the wis2box-api, it found one issue with severity=HIGH
https://github.com/wmo-im/wis2box-api/actions/runs/9615735356/job/26523621849

[maaikelimper]

question: should the GHA only fail on severity=CRITICAL ?

[tomkralidis]

1. can we update wmo-im/dim_eccodes_baseimage to 22.04 ?
2. we should be checking for severity: CRITICAL,HIGH

[maaikelimper]

Add trivy.yml to PR: #699

wis2box-management passes

wis2box-api, wis2box-ui and wis2box-webapp fail

[maaikelimper]

@tomkralidis how to proceed ?

• Do I make new issues for each failed service in the wis2box-repo or in the original repo ?
• Should I scan -all- containers (so also nginx, minio, prometheus etc.) or just those containers build out of wmo-im repositories ?

[tomkralidis]

• add issues in this issue tracker regardless of the original repo, since we are running the GitHub Action here
• only scan non-upstream

[maaikelimper]

after updating dim_eccodes_baseimage to use Ubuntu 22.04, wis2box-api now passes the vulnerability scan:

[tomkralidis]

2024-07-24:

• we need to address current state of test trivy-vulnerability-scanner #699

[tomkralidis]

2024-08-14:

• @tomkralidis to assess test trivy-vulnerability-scanner #699 and which images need to be addressed/fixed