BC-10096 update gh-actions (#315)

* add permission block to trivy cache update action

Author: Loki-Afro

.github/workflows/push.yml

@@ -127,7 +127,7 @@ jobs:
       security-events: write
     steps:
       - name: run trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.29.0
+        uses: aquasecurity/trivy-action@0.31.0
         with:
           image-ref: 'ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }}'
           format: 'sarif'

.github/workflows/trivy.yml

@@ -7,6 +7,8 @@ on:
     - cron: '0 0 * * *'  # Run daily at midnight UTC
   workflow_dispatch:  # Allow manual triggering
 
+permissions: {}
+
 jobs:
   update-trivy-db:
     runs-on: ubuntu-latest