
Add docker login for daily scan workflow image scanning #1144


Merged
merged 8 commits into from
Aug 13, 2025

Conversation

liustve
Contributor

@liustve liustve commented Aug 12, 2025

Description of changes:
The current daily scan's image scan workflow would often fail with the following error:

2025-08-12T22:35:36Z	INFO	[vuln] Vulnerability scanning is enabled
2025-08-12T22:35:36Z	INFO	[secret] Secret scanning is enabled
2025-08-12T22:35:36Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-08-12T22:35:36Z	INFO	[secret] Please see also https://trivy.dev/v0.64/docs/scanner/secret#recommendation for faster secret detection

📣 Notices:
  - Version 0.65.0 of Trivy is now available, current version is 0.64.1

To suppress version checks, run Trivy scans with the --skip-version-check flag

2025-08-12T22:35:37Z	FATAL	Fatal error	run error: image scan error: scan error: unable to initialize a scan service: unable to initialize an image scan service: unable to find the specified image "public.ecr.aws/aws-observability/adot-autoinstrumentation-java:v2.11.1" in ["docker" "containerd" "podman" "remote"]: 4 errors occurred:
	* docker error: unable to inspect the image (public.ecr.aws/aws-observability/adot-autoinstrumentation-java:v2.11.1): Error response from daemon: No such image: public.ecr.aws/aws-observability/adot-autoinstrumentation-java:v2.11.1
	* containerd error: failed to list images from containerd client: connection error: desc = "transport: Error while dialing: dial unix /run/containerd/containerd.sock: connect: permission denied"
	* podman error: unable to initialize Podman client: no podman socket found: stat /run/user/1001/podman/podman.sock: no such file or directory
	* remote error: GET https://public.ecr.aws/v2/aws-observability/adot-autoinstrumentation-java/manifests/sha256:7ebd362ec33ad1fa0218535540cec4db3165364fe0715b892e90afdf2374b531: TOOMANYREQUESTS: Rate exceeded

Turns out the issue is related to making unauthenticated GET request calls to public ECR images.
We make these calls both in the pr_build (explanation can be found in the code comment) and in owasp.yml. Likely, our GET requests to pull the ADOT image are being throttled as a result.

  • Adding an intermediary step to log in to ECR before making the GET request calls for owasp.yml image scanning.

Testing
200 Image Scan test runs with docker login (0 failed jobs): https://github.com/aws-observability/aws-otel-java-instrumentation/actions/runs/16922020570/job/47950156083

200 Image Scan test runs w/o docker login (1 failed job, rest didn't run): https://github.com/aws-observability/aws-otel-java-instrumentation/actions/runs/16922512730/job/47951639594

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
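As an added illustration (not the PR's own workflow change, which the page does not show), here is a daily-scan job that does what the description proposes: authenticate to public ECR, pull the image with that session, then point Trivy at the local Docker image so its unauthenticated "remote" fallback, the path that returned TOOMANYREQUESTS, is never exercised. The IAM role ARN is a placeholder, the OIDC setup and a preinstalled Trivy are assumptions, and the image tag is the one from the error output above.

```yaml
# Added example, not the project's workflow file.
# Assumptions: an OIDC-assumable role (placeholder ARN below) that may call
# ecr-public:GetAuthorizationToken, and Trivy already on the runner.
name: daily-image-scan
on:
  schedule:
    - cron: "0 6 * * *"
permissions:
  id-token: write   # required for OIDC role assumption
  contents: read
jobs:
  image-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::111122223333:role/ROLE_ARN_PLACEHOLDER
          aws-region: us-east-1
      - name: Log in to public ECR
        # Public ECR auth tokens are only issued from us-east-1. The token is
        # piped on stdin so it never appears in argv or the job log.
        run: |
          aws ecr-public get-login-password --region us-east-1 \
            | docker login --username AWS --password-stdin public.ecr.aws
      - name: Pull the image with the authenticated session
        # After this, Trivy's "docker" source finds the image locally and the
        # anonymous manifest GET against public.ecr.aws is not attempted.
        run: |
          docker pull public.ecr.aws/aws-observability/adot-autoinstrumentation-java:v2.11.1
      - name: Scan the image
        # --scanners vuln and --skip-version-check are the flags Trivy itself
        # suggests in the log above; the exit code fails the job on findings.
        run: |
          trivy image --skip-version-check --scanners vuln \
            --exit-code 1 --severity CRITICAL,HIGH \
            public.ecr.aws/aws-observability/adot-autoinstrumentation-java:v2.11.1
```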

@liustve liustve requested a review from a team as a code owner August 12, 2025 23:11
@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 52.70%. Comparing base (09e6487) to head (a340747).
⚠️ Report is 450 commits behind head on main.
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files
@@              Coverage Diff              @@
##               main    #1144       +/-   ##
=============================================
- Coverage     85.71%   52.70%   -33.01%     
- Complexity       19      416      +397     
=============================================
  Files             3       53       +50     
  Lines            49     2584     +2535     
  Branches          5      348      +343     
=============================================
+ Hits             42     1362     +1320     
- Misses            3     1131     +1128     
- Partials          4       91       +87     


thpierce
thpierce previously approved these changes Aug 13, 2025
liustve added a commit to aws-observability/aws-otel-python-instrumentation that referenced this pull request Aug 13, 2025
*Description of changes:*
Python version of this PR:
aws-observability/aws-otel-java-instrumentation#1144

By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice.
liustve added a commit to aws-observability/aws-otel-js-instrumentation that referenced this pull request Aug 13, 2025
*Description of changes:*
JavaScript version of this PR:
aws-observability/aws-otel-java-instrumentation#1144

By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice.
@liustve liustve merged commit d471c70 into main Aug 13, 2025
5 checks passed
@liustve liustve deleted the login-owasp-workflow branch August 13, 2025 20:03