fix: use checkov only for security scan (templateanalyzer cannot resolve AVM registry modules)

templateanalyzer fails with exit code 21 on Bicep files that use
br/public:avm/... registry references. Bicep validation is already
handled by the dedicated azure-bicep-validate workflow. Scoping the
security scan to checkov only avoids the false failure.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: spboyer

.github/workflows/security-scan.yml

@@ -27,6 +27,7 @@ jobs:
         id: msdo
         with:
           categories: 'python,IaC'
+          tools: 'checkov'
 
       - name: Upload results to Security tab
         uses: github/codeql-action/upload-sarif@v3