feat(scan/apk): Respect GRYPE_DB_MAX_ALLOWED_BUILT_AGE

There was about a one hour window of time where I couldn't scan Hadoop
or gRPC while working through vulnerabilities without possibly building
the database locally (because it hadn't been updated yet) so I took a
quick look at how we handle this in wolfictl and found it deviates from
the behavior in grype

Similar to grype, respect GRYPE_DB_MAX_ALLOWED_BUILT_AGE so that users
can set this to whatever their preferred duration is. Default to 24
hours

Signed-off-by: RJ Sampson <rj.sampson@chainguard.dev>

Author: EyeCantCU

pkg/scan/apk.go

@@ -139,11 +139,16 @@ func NewScanner(opts Options) (*Scanner, error) {
 		dbDestDir = DefaultGrypeDBDir
 	}
 
+	grypeMaxAllowedBuiltAge, err := time.ParseDuration(os.Getenv("GRYPE_DB_MAX_ALLOWED_BUILT_AGE"))
+	if err != nil {
+		grypeMaxAllowedBuiltAge = time.Duration(24)
+	}
+
 	installCfg := installation.Config{
 		DBRootDir:               dbDestDir,
 		ValidateChecksum:        true,
 		ValidateAge:             !opts.DisableDatabaseAgeValidation,
-		MaxAllowedBuiltAge:      24 * time.Hour,
+		MaxAllowedBuiltAge:      grypeMaxAllowedBuiltAge * time.Hour,
 		UpdateCheckMaxFrequency: 1 * time.Hour,
 	}