ci(security): pin trivy-action to v-prefixed tag

- Update aquasecurity/trivy-action from 0.35.0 to v0.35.0 to match the action's post-supply-chain-attack tag scheme

Author: appleboy

.github/workflows/security.yml

@@ -23,7 +23,7 @@ jobs:
         uses: actions/checkout@v6
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.35.0
+        uses: aquasecurity/trivy-action@v0.35.0
         with:
           scan-type: "fs"
           scan-ref: "."
@@ -39,7 +39,7 @@ jobs:
           sarif_file: "trivy-results.sarif"
 
       - name: Run Trivy vulnerability scanner (table output)
-        uses: aquasecurity/trivy-action@0.35.0
+        uses: aquasecurity/trivy-action@v0.35.0
         if: always()
         with:
           scan-type: "fs"