chore: add Snyk dependency scan workflow #564

Draft: OscarLlamas6 wants to merge 7 commits into main from add-snyk-scan

@OscarLlamas6
Contributor

This PR introduces a Snyk security workflow for the datum.net Astro application to scan Node.js dependencies. The job uses the shared snyk-scan reusable workflow from datum-cloud/actions, runs snyk test with --report, and is configured with fail-on-issues: false and upload-sarif: false so it reports findings without breaking the CI pipeline or requiring GitHub Advanced Security.

The workflow is wired as a reusable and push-triggered job, reusing the existing organization configuration via SNYK_ORG and SNYK_TOKEN. This aligns the website with our infra repository security practices while keeping the initial adoption of Snyk low-friction.

@OscarLlamas6 OscarLlamas6 self-assigned this Nov 18, 2025
@ronggur ronggur closed this Apr 10, 2026
@ronggur ronggur reopened this Apr 11, 2026
@cla-assistant

cla-assistant bot commented Apr 11, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ ronggur
❌ Oscar Llamas


Oscar Llamas seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you already have a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

2 participants