Add actions for snyk scanning of Maven repos and container images#38

Merged
Frawless merged 26 commits into
strimzi:mainfrom
Frawless:add-snyk-actions
Jun 12, 2026
Conversation

@Frawless Frawless (Member) commented Jun 8, 2026

Type of change

  • Enhancement / new feature

Description

Adds Snyk scanning workflows for containers and Maven. Each project within the Strimzi org should create its own workflow where the actions will be used. The workflow should be run for push events into main and release branches. The SNYK_TOKEN secret has to be added to all repos as part of implementing the scanning workflow.

The actions can send snapshots to the Snyk App, so we will be able to check scan results in the Snyk UI and we will also be able to have periodical scans against the snapshot. The actions can also send results from scans into the GitHub Code Scanning page.

The PR contains a testing workflow where the actions are used, but due to security constraints it can also be run against push events into main or release branches. I decided to pick operators and drain-cleaner for testing scans against single and multiple images per repo, and drain-cleaner for the Maven scanning example.

Usage:

```yaml
# Checkout drain-cleaner repo
...
- name: Run Snyk Maven scan
  uses: strimzi/github-actions/.github/actions/security/snyk-maven-scan@sha12345 #v2
  with:
    snykMonitor: "true"
    uploadToCodeScanning: "true"
    projectPrefix: drain-cleaner
  env:
    SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
# Prepare images on the runner
...
- name: Run Snyk container scan
  uses: strimzi/github-actions/.github/actions/security/snyk-container-scan@sha12345 #v2
  with:
    imageFile: drain-cleaner-container-amd64.tar.gz
    image: drain-cleaner-amd64
    snykMonitor: "true"
    uploadToCodeScanning: "true"
    projectPrefix: drain-cleaner
  env:
    SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
```

The plan is to merge this PR, create workflows in the operators repo (referencing main of github-actions for the scan workflow), see if everything is fine, and then release 2.0 and use it within the operators repo.

Checklist

  • Write tests
  • Make sure all tests pass
  • AI assistance was used to create this PR (see the Strimzi AI policy)
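The description above asks each repository to create its own workflow around these two actions, restricted to push events on main and release branches, with the SNYK_TOKEN secret supplied via the environment. The following complete workflow is an added example, not code from this PR or from the strimzi/github-actions repository. It assumes Java 17 via actions/setup-java, a Dockerfile at the repository root, release branches named `release-*`, and uses `<ACTION-SHA>` as a placeholder for the pinned commit of the Strimzi actions (the PR's snippet shows the same `@sha #v2` pinning convention); the action inputs are those shown in the PR.

```yaml
# Added example workflow (not part of this PR or the strimzi/github-actions repo).
# Assumptions: Java 17 via actions/setup-java, a Dockerfile at the repo root,
# release branches named release-*, and <ACTION-SHA> standing in for the pinned commit.
name: Snyk scan

on:
  push:
    branches:
      - main
      - 'release-*'

# Least privilege for the GITHUB_TOKEN: read the repo, write Code Scanning results
# (security-events: write is required for the uploadToCodeScanning step).
permissions:
  contents: read
  security-events: write

jobs:
  snyk:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4   # assumption: tag ref; pin to a commit SHA as the Strimzi actions below are

      - name: Set up Java
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '17'        # assumption: project Java version

      - name: Run Snyk Maven scan
        uses: strimzi/github-actions/.github/actions/security/snyk-maven-scan@<ACTION-SHA> # v2
        with:
          snykMonitor: "true"
          uploadToCodeScanning: "true"
          projectPrefix: drain-cleaner
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}   # secret scoped to this step only

      # Assumed build step: produce the image tarball the container action expects.
      - name: Build and save container image
        run: |
          docker build -t drain-cleaner-amd64 .
          docker save drain-cleaner-amd64 | gzip > drain-cleaner-container-amd64.tar.gz

      - name: Run Snyk container scan
        uses: strimzi/github-actions/.github/actions/security/snyk-container-scan@<ACTION-SHA> # v2
        with:
          imageFile: drain-cleaner-container-amd64.tar.gz
          image: drain-cleaner-amd64
          snykMonitor: "true"
          uploadToCodeScanning: "true"
          projectPrefix: drain-cleaner
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
```

Two points worth keeping when adapting this: the `permissions` block limits the job's GITHUB_TOKEN to what the Code Scanning upload needs rather than the repository default, and SNYK_TOKEN is passed as a per-step `env` rather than a job-level one, so the build step never sees it.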

@Frawless Frawless added this to the 2.0 milestone Jun 8, 2026
@Frawless Frawless self-assigned this Jun 8, 2026
@Frawless Frawless marked this pull request as ready for review June 9, 2026 07:29
@Frawless Frawless requested a review from scholzj June 9, 2026 07:29
@scholzj scholzj requested a review from a team June 9, 2026 07:33
Comment thread .github/actions/security/snyk-container-scan/action.yml Outdated
Comment thread .github/actions/security/snyk-maven-scan/action.yml Outdated
@Frawless Frawless requested a review from a team June 9, 2026 20:35
Frawless added 22 commits June 12, 2026 18:39
Signed-off-by: Jakub Stejskal <xstejs24@gmail.com>
Frawless added 4 commits June 12, 2026 18:39

# Conflicts:
#	.github/workflows/test-integrations.yml
@Frawless Frawless merged commit 18137f3 into strimzi:main Jun 12, 2026
105 checks passed