fix(ci): skip platform-specific optional deps to avoid LGPL false positives

Revert the omit-optional gh-actions branch (didn't filter transitive
optionals). Instead, set YARN_SUPPORTED_ARCHITECTURES to empty arrays
so yarn skips all platform-specific optional deps (like @img/sharp-libvips-*)
during install. If they're not in node_modules, cdxgen won't pick them up.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: joker23

.github/workflows/dependency-scan.yml

@@ -34,16 +34,16 @@ jobs:
       - name: Enable corepack
         run: corepack enable
 
-      - name: Install dependencies
+      - name: Install dependencies (skip platform-specific optionals)
         run: yarn install
         env:
           YARN_ENABLE_IMMUTABLE_INSTALLS: 'false'
+          YARN_SUPPORTED_ARCHITECTURES: '{"os":[],"cpu":[],"libc":[]}'
 
       - name: Generate SBOM
-        uses: launchdarkly/gh-actions/actions/dependency-scan/generate-sbom@88b91f303c25af3a90c2f0a98dd75af64c3bb332 # skz/ignore-optional
+        uses: launchdarkly/gh-actions/actions/dependency-scan/generate-sbom@8220ae5b6e56f7108d076da0e710dc4feca15101 # main
         with:
           types: 'nodejs'
-          omit-optional: 'true'
 
   evaluate-policy:
     runs-on: ubuntu-latest