Publish release trivy scans as an artifact

[dereknola]

Proposed Changes

• Upload trivy report of scanned release images to GH as an action artifact. This enables us to download or share the report elsewhere.

Types of Changes

Verification

Running locally:

docker run --rm -v "$(pwd)/build:/build" -v "$(pwd):/workspace" \
         -w /workspace rancher/hardened-build-base:v1.22.8b2 \
         make scan-images

Afterwards a new file trivy-scan-report.txt is available to be uploaded.
I can't test the release process itself.

Testing

Linked Issues

#6643

User-Facing Change

Further Comments

The current base image used in the Dockerfile contains a old version of trivy (0.42). A new version of the base image has been published with trivy (0.56), but I didn't want to complicate this PR by bumping it.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 16.62%. Comparing base (c0e7e1e) to head (adff014).
Report is 1 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #7148   +/-   ##
=======================================
  Coverage   16.62%   16.62%           
=======================================
  Files          32       32           
  Lines        3423     3423           
=======================================
  Hits          569      569           
  Misses       2812     2812           
  Partials       42       42           

Flag	Coverage Δ
unittests	16.62% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[cwayne18]

Thank you so very much for this