Adds trivy scheduled checks

[olegbespalov]

What?

This adds the trivy security scanner scheduled check to k6 repository. It aims to check the master tag (the most up-to-date).

Inspired by: https://github.com/grafana/agent/blob/main/.github/workflows/trivy.yml

It has no slack integration yet, first I'm curious to see the frequency of the reporting. If it's acceptable and we won't be use this actively by-ourselves we could set up the slack integration.

Currently, it shows no issues, so it's a good opportunity to start using it.

 trivy image grafana/k6
2023-12-11T15:08:04.324+0100    INFO    Vulnerability scanning is enabled
2023-12-11T15:08:04.324+0100    INFO    Secret scanning is enabled
2023-12-11T15:08:04.324+0100    INFO    If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-12-11T15:08:04.324+0100    INFO    Please see also https://aquasecurity.github.io/trivy/v0.48/docs/scanner/secret/#recommendation for faster secret detection
2023-12-11T15:08:04.918+0100    INFO    Detected OS: alpine
2023-12-11T15:08:04.918+0100    INFO    Detecting Alpine vulnerabilities...
2023-12-11T15:08:04.919+0100    INFO    Number of language-specific files: 1
2023-12-11T15:08:04.919+0100    INFO    Detecting gobinary vulnerabilities...

grafana/k6 (alpine 3.18.5)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

Why?

As we agreed, we'd like to be pro-active in terms of fixing security-related issues.

Checklist

• I have performed a self-review of my code.
• I have added tests for my changes.
• I have run linter locally (make lint) and all checks pass.
• I have run tests locally (make tests) and all tests pass.
• I have commented on my code, particularly in hard-to-understand areas.

Related PR(s)/Issue(s)

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (e23ebec) 73.16% compared to head (d1968a8) 73.18%.

❗ Current head d1968a8 differs from pull request most recent head 5d793cf. Consider uploading reports for the commit 5d793cf to get more accurate results

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3496      +/-   ##
==========================================
+ Coverage   73.16%   73.18%   +0.01%     
==========================================
  Files         267      267              
  Lines       20076    20076              
==========================================
+ Hits        14689    14693       +4     
+ Misses       4471     4467       -4     
  Partials      916      916              

Flag	Coverage Δ
ubuntu	73.13% <ø> (+0.01%)	⬆️
windows	73.05% <ø> (+0.02%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.