fix(ci): add GHCR authentication for Trivy security scans

Trivy needs to authenticate with GHCR to pull the container images
for security scanning. Also updates CodeQL action from v3 to v4 to
address deprecation warning.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: ndreno

.github/workflows/release.yml

@@ -245,6 +245,13 @@ jobs:
         id: tag
         run: echo "version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
 
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       # Security scan images
       - name: Scan data plane image
         uses: aquasecurity/trivy-action@master
@@ -263,7 +270,7 @@ jobs:
           severity: 'CRITICAL,HIGH'
 
       - name: Upload Trivy scan results
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         if: always()
         with:
           sarif_file: '.'