fix(ci): resolve GitHub Actions workflow errors

- Fix trivy-action version from 0.28.0 to master
- Fix trufflehog version from 3.88.2 to main
- Fix E2E test working directory issue - server needs to run from project root to find web/ directory

Author: shijiashuai

.github/workflows/ci.yml

@@ -124,10 +124,9 @@ jobs:
         run: go build -o ./tmp/server ./cmd/server
 
       - name: Run E2E tests
-        working-directory: e2e
         run: |
-          # Start server in background
-          ../tmp/server &
+          # Start server in background from project root (so it can find web/ dir)
+          ./tmp/server &
           SERVER_PID=$!
           # Wait for server to be ready
           for i in {1..30}; do
@@ -136,8 +135,8 @@ jobs:
             fi
             sleep 1
           done
-          # Run tests
-          npx playwright test --reporter=list
+          # Run tests from e2e directory
+          cd e2e && npx playwright test --reporter=list
           TEST_EXIT=$?
           # Cleanup
           kill $SERVER_PID 2>/dev/null || true
@@ -181,7 +180,7 @@ jobs:
         uses: golang/govulncheck-action@v1
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@master
         with:
           scan-type: 'fs'
           format: 'sarif'
@@ -194,7 +193,7 @@ jobs:
           sarif_file: 'trivy-results.sarif'
 
       - name: Secret detection
-        uses: trufflesecurity/trufflehog@3.88.2
+        uses: trufflesecurity/trufflehog@main
         with:
           path: ./
           base: main