Temporary: add .trivyignore to test no-CVE happy path

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: rmoff

.github/workflows/kafka-connect-ci.yml

@@ -152,6 +152,7 @@ jobs:
         scan-type: 'rootfs'
         scan-ref: '/tmp/kafka-connect-scan'
         scanners: 'vuln'
+        trivyignores: '.trivyignore'
         ignore-unfixed: true
         exit-code: '1'
         format: 'sarif'

.trivyignore

@@ -0,0 +1,5 @@
+# Temporary: suppress known CVEs to test happy-path (no findings) scenario
+GHSA-72hv-8253-57qq
+CVE-2025-67721
+CVE-2026-33870
+CVE-2026-33871