ci: add trivy container vulnerability scanning pre-merge

Signed-off-by: jay7tech <jayadeepgowda24@gmail.com>

Author: jay7-tech

.github/workflows/build-test.yml

@@ -338,6 +338,16 @@ jobs:
           cd ${{ matrix.component.path }}
           BUILD_CONFIG=${{ matrix.variant.build_config }} DOCKERX_OPTS="--output type=docker,dest=${{ github.workspace }}/${{ matrix.component.name }}-${{ matrix.variant.name }}.tar --cache-to type=local,dest=/tmp/.buildx-cache,mode=max --cache-from type=local,src=/tmp/.buildx-cache" make
 
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          input: ${{ github.workspace }}/${{ matrix.component.name }}-${{ matrix.variant.name }}.tar
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+
       - name: Upload artifact
         uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
         with: