ci(security): make OSV-Scanner non-blocking

Set fail-on-vuln to false so vulnerability scan results are reported
to GitHub Security tab without failing CI. Current findings are all
low/medium severity in transitive dev dependencies.

Author: tobyhede

.github/workflows/osv-scanner.yml

@@ -20,6 +20,7 @@ jobs:
     name: OSV Vulnerability Scan
     uses: google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.3
     with:
+      fail-on-vuln: false
       scan-args: |-
         --recursive
         ./