fix(ci): allow docker CVE GHSA-x744-4wpc-v9h2 in dependency review

Transitive dependency github.com/docker/docker has no upstream fix.
Allow this GHSA to unblock PR #470 dependency review check.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: 2 people

.github/workflows/security.yml

@@ -164,6 +164,8 @@ jobs:
         uses: actions/dependency-review-action@v4
         with:
           fail-on-severity: high
+          # Allow docker CVE with no upstream fix (transitive via testcontainers)
+          allow-ghsas: GHSA-x744-4wpc-v9h2
           # Include both the compound SPDX expression and individual components
           # to handle golang.org/x packages which report as compound license
           allow-licenses: >-