ci: use yarn workspaces focus to avoid storing devDependencies unplugged

this should fix issue with the systeminformation package from cypress
having cve and it was scanned by trivy because present in
/elabftw/.yarn/unplugged

Author: NicolasCARPi

.github/workflows/build_hypernext.yaml

@@ -97,7 +97,6 @@ jobs:
           # use only the vuln scanner to avoid OOM kill with secrets scanning
           #not working: scanners: 'vuln'
           severity: 'CRITICAL,HIGH'
-          args: '--prod'
 
       # SBOM
       - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph

Dockerfile

@@ -288,6 +288,7 @@ RUN corepack enable
 # so in order for composer to take it into account, it must exist before we call the install command of composer.
 RUN if [ "$BUILD_ALL" = "1" ]; then yarn install \
     && yarn run buildall:prod \
+    && yarn workspaces focus -A --production \
     && /usr/bin/php84 -d memory_limit=256M -d open_basedir='' /usr/local/bin/composer install --prefer-dist --no-cache --no-progress --no-dev -a \
     && yarn cache clean && rm -r /root/.cache /root/.yarn; fi