Update Trivy GitHub Action to v0.35.0#2031
Conversation
@shibd: Thanks for your contribution. For this PR, do we need to update docs?
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 521a4ceb3b
| - name: Run Trivy vulnerability scanner | ||
| uses: aquasecurity/trivy-action@master | ||
| uses: aquasecurity/trivy-action@v0.35.0 |
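Review bot: the added line still references a mutable tag (`v0.35.0`), so the step will run whatever that tag points at on the day the job executes; pin it to the full commit SHA of the v0.35.0 release and keep the version as a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha-of-v0.35.0>  # v0.35.0`, so the ref is immutable while the intended version stays readable. The removed `@master` line is the reason the change exists: a branch ref tracks whatever is pushed next, and a tag can be retargeted in the same way, so moving from one to the other narrows the window without closing it.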
Pin Trivy action to a full commit SHA
Replacing @master with @v0.35.0 still leaves this workflow consuming a mutable third-party ref. GitHub’s secure-use docs say a full commit SHA is “the only way to use an action as an immutable release” and explicitly note that tags can be moved or deleted, so if Aqua retargets v0.35.0 (or their repo is compromised again) this PR job will execute different code than the release you reviewed. To actually remove the supply-chain exposure this change is addressing, pin the vetted v0.35.0 commit SHA instead.
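The review above asks for `uses:` references to be pinned to a full commit SHA rather than a branch or tag. As an added example (not code from this PR, from the repository, or from the trivy-action project), here is a small line-based Python check that walks a workflow file and reports every `uses:` reference that is not immutable: remote actions must carry a 40-hex commit SHA, `docker://` images must carry a `@sha256:` digest, and local `./` actions are accepted because they are versioned with the repository itself. The workflow text and the 40-hex SHA inside it are constructed for the demo and are not real commits.

```python
import re
from typing import List, Tuple

# A full Git commit SHA is 40 hex characters; anything shorter is a tag, branch
# or abbreviated SHA, none of which GitHub treats as immutable.
SHA_RE = re.compile(r"^[0-9a-fA-F]{40}$")

# Matches "uses: <ref>" whether or not the step starts with "- ", and stops at
# whitespace, quotes or a trailing "# comment".
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^'"\s#]+)""")

# Constructed sample workflow. The checkout SHA is a made-up 40-hex value used
# only to exercise the "pinned" path; it is not a real actions/checkout commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # constructed SHA
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@v0.35.0
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
"""


def classify(uses: str) -> Tuple[str, str]:
    """Classify one `uses:` value as 'local', 'pinned' or 'unpinned' with a reason."""
    if uses.startswith("./"):
        return "local", "local action, versioned with the repository"
    if uses.startswith("docker://"):
        image = uses[len("docker://"):]
        if "@sha256:" in image:
            return "pinned", "container image pinned by digest"
        return "unpinned", "container image referenced by tag, not by digest"
    if "@" not in uses:
        return "unpinned", "no ref given"
    _action, ref = uses.rsplit("@", 1)
    if SHA_RE.match(ref):
        return "pinned", "full commit SHA"
    return "unpinned", f"mutable ref {ref!r} (tag or branch) can be moved or deleted"


def find_unpinned(workflow_text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, uses value, reason) for every non-immutable reference."""
    findings: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        uses = match.group(1)
        status, reason = classify(uses)
        if status == "unpinned":
            findings.append((lineno, uses, reason))
    return findings


if __name__ == "__main__":
    for lineno, uses, reason in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {uses}: {reason}")
```

Run against the sample, the check reports the Trivy step (tag `v0.35.0`) and the `docker://alpine:3.19` image, and passes the SHA-pinned checkout and the local action. The scan is deliberately line-based rather than a YAML parse so it has no dependencies and can run in a pre-commit hook; when a ref is replaced by its SHA, keeping a `# v0.35.0` comment beside it preserves the human-readable version, and Dependabot updates that comment together with the SHA.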
Summary

`aquasecurity/trivy-action@master` with `aquasecurity/trivy-action@v0.35.0`

`master` ref after the recent Trivy GitHub Action security incident

Testing