Suppress Netty CVE-2026-33870 and CVE-2026-33871 in trivy scans (#1349)

## Description
Temporarily suppresses the two High severity Netty CVEs in trivy scan
ignore files while the fix (bumping `netty-bom` to `4.1.132.Final`) is
pending release.

### Changes
- `.github/trivy/pr-build.trivyignore.yaml` — suppress CVE-2026-33870
and CVE-2026-33871
- `.github/trivy/daily-scan.trivyignore.yaml` — suppress CVE-2026-33870
and CVE-2026-33871

### Expiration
Suppressions expire on **2026-04-14**. Both files should be cleaned up
after the next release.

### Related
- Fix PR: #1347 (main), #1348 (release/v2.26.x)
- Issue: #1346

Author: srprash

.github/trivy/daily-scan.trivyignore.yaml

@@ -10,4 +10,10 @@
 #    statement: "<Why are we excluding?> <link to CVE where we can we status>"
 #    expired_at: <required - YYYY-MM-DD>
 
-vulnerabilities: []
+vulnerabilities:
+  - id: CVE-2026-33870
+    statement: "Netty HTTP/1.1 Request Smuggling. Fix: bump netty-bom to 4.1.132.Final. https://github.com/aws-observability/aws-otel-java-instrumentation/issues/1346"
+    expired_at: 2026-04-14
+  - id: CVE-2026-33871
+    statement: "Netty HTTP/2 CONTINUATION frame flood DoS. Fix: bump netty-bom to 4.1.132.Final. https://github.com/aws-observability/aws-otel-java-instrumentation/issues/1346"
+    expired_at: 2026-04-14

.github/trivy/pr-build.trivyignore.yaml

@@ -8,4 +8,10 @@
 #    statement: "<Why are we excluding?> <link to CVE where we can we status>"
 #    expired_at: <required - YYYY-MM-DD>
 
-vulnerabilities: []
+vulnerabilities:
+  - id: CVE-2026-33870
+    statement: "Netty HTTP/1.1 Request Smuggling. Fix: bump netty-bom to 4.1.132.Final. https://github.com/aws-observability/aws-otel-java-instrumentation/issues/1346"
+    expired_at: 2026-04-14
+  - id: CVE-2026-33871
+    statement: "Netty HTTP/2 CONTINUATION frame flood DoS. Fix: bump netty-bom to 4.1.132.Final. https://github.com/aws-observability/aws-otel-java-instrumentation/issues/1346"
+    expired_at: 2026-04-14