chore: migrate from Trivy to Grype for vulnerability scanning

Replace aquasecurity/trivy-action with anchore/scan-action (Grype) v7.3.2.
Remove config scanning job (not supported by Grype).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: JAORMX

.github/workflows/security.yml

@@ -13,27 +13,19 @@ permissions:
   contents: read
 
 jobs:
-  trivy-scan:
-    name: Trivy Security Scan
+  grype-scan:
+    name: Grype Security Scan
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-      - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
+      - name: Run Grype vulnerability scanner
+        id: grype-scan
+        uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7.3.2
         with:
-          scan-type: 'fs'
-          ignore-unfixed: true
-          format: 'table'
-          exit-code: '1'
-          severity: 'CRITICAL,HIGH'
-
-      - name: Run Trivy vulnerability scanner in IaC mode
-        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
-        with:
-          scan-type: 'config'
-          hide-progress: false
-          format: 'table'
-          exit-code: '1'
-          severity: 'CRITICAL,HIGH'
+          path: "."
+          only-fixed: true
+          output-format: "table"
+          fail-build: true
+          severity-cutoff: "high"