ci(trivy): disable vulnerability scan on PRs

There is a risk with this approach to miss a new vulnerability being introduced by a
PR. But in our case, it is much less likely than a random CVE popping up in existing
dependencies at the wrong time, blocking a totally unrelated PR merge. And with
our regular scheduled scan, we will catch all vulnerabilities spotted by Trivy soon
enough (certainly way before I include the PR in a release).

Author: thomasleplus

.github/workflows/super-linter.yml

@@ -69,6 +69,7 @@ jobs:
           LINTER_RULES_PATH: .
           DEFAULT_BRANCH: main
           ENFORCE_COMMITLINT_CONFIGURATION_CHECK: true
+          TRIVY_SCANNERS: ${{ (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && 'vuln,misconfig,secret' || 'misconfig,secret'}}
           BIOME_CONFIG_PATH: .biome.json
           GITHUB_ACTIONS_ZIZMOR_CONFIG_FILE: .zizmor.yml
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}