Implement Trivy code scanning to help identify vulns

[ARolek]

@fjrsaracho surfaced an issue reported by the code scanning tool Trivy. This issue is about implementing Trivy to do a scan weekly so we can stay on top of vulns even if code is not being pushed.

It is under Apache License 2.0. Including comercial usage. You can read more on following link: https://github.com/aquasecurity/trivy/blob/main/LICENSE

Not sure if it fits for you as a real "open-source"

Originally posted by @fjrsaracho in https://github.com/go-spatial/tegola/issues/1000#issuecomment-2237342860