fix(CI): Pin safe trivy check version (#7010)

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

Author: emyller

.github/workflows/.reusable-docker-build.yml

@@ -148,10 +148,11 @@ jobs:
 
       - name: Scan ${{ steps.image-tag.outputs.image-tag }} image
         id: trivy
-        uses: Flagsmith/actions/trivy-scan-image@v0.3.0
+        uses: Flagsmith/actions/trivy-scan-image@v0.4.1
         if: inputs.scan
         with:
           image-tag: ${{ steps.image-tag.outputs.image-tag }}
+          artifact-name: ${{ inputs.image-name }}-trivy-results
           category: ${{ inputs.image-name }}
           # `query` value contained path:{image_name} before but not all Trivy findings
           # conform to that. There's no category filter at the moment; for the time being,

.github/workflows/platform-docker-trivy-scan.yml

@@ -101,7 +101,7 @@ jobs:
 
       - name: Scan ${{ matrix.image-name }}:main image
         id: trivy
-        uses: Flagsmith/actions/trivy-scan-image@v0.4.0
+        uses: Flagsmith/actions/trivy-scan-image@v0.4.1
         with:
           image-tag: ${{ env.REGISTRY_URL }}/flagsmith/${{ matrix.image-name }}:main
           category: ${{ matrix.image-name }}