Ignore pipeline files when scanning with Trivy

Trivy was detecting dependencies inside the Git checkout for Trivy
report templates. Also switch to "repository" scanning as it is more
appropriate here.

See: https://trivy.dev/v0.64/docs/target/repository#rationale

Author: cbandy

.gitlab-ci.yml

@@ -206,7 +206,7 @@ trivy:
     # Trivy needs a populated Go module cache to detect Go module licenses.
     - go mod download
     - >-
-      trivy filesystem . --exit-code 1
+      trivy repository . --exit-code 1 --skip-dirs .gitlab-remotes
       --scanners license,vuln
       --ignore-unfixed
       --no-progress