fix(release): fix py env issue in ci-checkov (#1224)

![Screenshot 2025-06-20 at 11 56
11 AM](https://github.com/user-attachments/assets/6f27dcb0-d409-417a-a808-c0e783d879b8)
^^ we see this issue regularly during the release

It seems like a pretty generic pyenv issue.

closes REL-1044

### Test plan
Ran script locally with and without change.

<!--
As part of SOC2/GN-104 and SOC2/GN-105 requirements, all pull requests
are REQUIRED to
provide a "test plan". A test plan is a loose explanation of what you
have done or
implemented to test this, as outlined in our Testing principles and
guidelines:

https://docs.sourcegraph.com/dev/background-information/testing_principles
  Write your test plan here after the "Test plan" header.
-->

Author: DaedalusG

.buildkite/ci-checkov.sh

@@ -1,7 +1,13 @@
 #!/usr/bin/env bash
-# Set this to fail on the install
+# Set this to fail on the install 
 set -euxo pipefail
 
+# Install and run the plugin for checkov
+# Create virtual environment to avoid externally-managed-environment error
+python3 -m venv checkov-venv
+source checkov-venv/bin/activate
+pip install checkov
+
 # List of checks we do not want to run here
 # This is a living list and will see additions and mostly removals over time.
 SKIP_CHECKS="CKV_GCP_22,CKV_GCP_66,CKV_GCP_13,CKV_GCP_71,CKV_GCP_61,CKV_GCP_21,CKV_GCP_65,CKV_GCP_67,CKV_GCP_20,CKV_GCP_69,CKV_GCP_12,CKV_GCP_24,CKV_GCP_25,CKV_GCP_64,CKV_GCP_68,CKV2_AWS_5,CKV2_GCP_3,CKV2_GCP_5,CKV_AWS_23,CKV_GCP_70,CKV_GCP_62,CKV_GCP_62,CKV_GCP_62,CKV_GCP_62,CKV_GCP_29,CKV_GCP_39"
@@ -15,7 +21,7 @@ echo "==========================================================================
 # Set not to fail on non-zero exit code
 set +e
 # Run checkov
-checkov --skip-check $SKIP_CHECKS --quiet --framework terraform --compact -d .
+python3 -m checkov.main --skip-check $SKIP_CHECKS --quiet --framework terraform --compact -d .
 
 # Options
 # --quiet: Only show failing tests