
Update trivy action to solve TOO MANY REQUESTS issue #1560

Merged

Conversation


@rv0lt rv0lt commented Oct 9, 2024

Read this before submitting the PR

  1. Always create a Draft PR first
  2. Go through sections 1-5 below, fill them in and check all the boxes
  3. Make sure that the branch is updated; if there's an "Update branch" button at the bottom of the PR, rebase or update branch.
  4. When all boxes are checked, information is filled in, and the branch is updated: mark as Ready For Review and tag reviewers (top right)
  5. Once there is a submitted review, implement the suggestions (if reasonable, otherwise discuss) and request a new review.

If there is a field which you are unsure about, enter the edit mode of this description or go to the PR template; there are invisible comments providing descriptions which may be of help.

1. Description / Summary

A few weeks ago, changes in the GitHub policies regarding rate limits caused issues with the Trivy scanner, which downloads its vulnerability database from a Google Artifact by default. This is quite a popular tool, so too many requests from different users were hitting this limit quite easily, breaking several pipelines in different projects, including ours.

This update in the action aims to incorporate optimization in the way the database is handled. Additionally, it allows for declaring several repositories from where to download the vuln database.

The PR updates the action and declares the two official repositories for the DB artifact; it will try to use the default (Google) first and, if that fails, will use the mirror in AWS.

Ref: aquasecurity/trivy-action#389

2. Jira task / GitHub issue

Link to the github issue or add the Jira task ID here.

3. Type of change

What type of change(s) does the PR contain?

Check the relevant boxes below. For an explanation of the different sections, enter edit mode of this PR description template.

  • New feature
    • Breaking: Why / How? Add info here.
    • Non-breaking
  • Database change: Remember to include a new migration version, or explain here why it's not needed.
  • Bug fix
  • Security Alert fix
    • Package update
      • Major version update
  • Documentation
  • Workflow
  • Tests only

4. Additional information

5. Actions / Scans

Check the boxes when the specified checks have passed.

For information on what the different checks do and how to fix it if they're failing, enter edit mode of this description or go to the PR template.

  • Black
  • Prettier
  • Yamllint
  • Tests
  • CodeQL
  • Trivy
  • Snyk
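The workflow shape the description refers to, as an added example that is not this PR's own diff: a single Trivy step whose `TRIVY_DB_REPOSITORY` environment variable lists a primary registry followed by a mirror, so that a failed pull from the first (for example an HTTP 429 TOO MANY REQUESTS response) falls through to the second instead of failing the pipeline. The action tag, the registry paths and the scan settings are assumptions about Trivy's documented defaults at the time, not values taken from this repository.

```yaml
# Added example workflow, not the PR's diff. Registry paths, the action tag and
# the scan options are assumptions; pin them to what your project actually uses.
name: Trivy scan

on:
  pull_request:
  push:
    branches: [dev]

jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run Trivy vulnerability scanner on the repository
        # Assumed tag: use a release that accepts a comma-separated list of DB repositories
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
          scan-ref: .
          format: table
          ignore-unfixed: true
          severity: CRITICAL,HIGH
          # Fail the job on findings so a rate-limited DB download is not silently ignored
          exit-code: "1"
        env:
          # Trivy tries these in order: primary registry first, public AWS mirror as fallback.
          # Both paths are assumptions taken from Trivy's defaults, not from this PR.
          TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db:2,public.ecr.aws/aquasecurity/trivy-db:2
          TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db:1,public.ecr.aws/aquasecurity/trivy-java-db:1
```

When the primary registry starts returning 429s, the step log shows the failed pull followed by a successful pull from the mirror; if both fail the step exits non-zero, which is the desired signal that the scan did not run rather than a green check with no scan behind it.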

@rv0lt rv0lt self-assigned this Oct 9, 2024

codecov bot commented Oct 9, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.52%. Comparing base (1bdce67) to head (0d2ac37).
Report is 4 commits behind head on dev.

Additional details and impacted files
@@           Coverage Diff           @@
##              dev    #1560   +/-   ##
=======================================
  Coverage   92.52%   92.52%           
=======================================
  Files          29       29           
  Lines        4868     4868           
=======================================
  Hits         4504     4504           
  Misses        364      364           



rv0lt commented Oct 9, 2024

Let's wait a bit to mark it as ready for review. The maintainers of the action are still fixing some consequences of all these updates they had to do

aquasecurity/trivy-action#403

@rv0lt rv0lt changed the title Update trivy action to optimize workflow Update trivy action to solve TOO MANY REQUESTS issue Oct 9, 2024
@rv0lt rv0lt marked this pull request as ready for review October 10, 2024 08:50
@rv0lt rv0lt requested a review from a team as a code owner October 10, 2024 08:50

@i-oden i-oden left a comment


Really nice PR description, thanks for that!

Looks good, just update the sprintlog.

@rv0lt rv0lt requested a review from i-oden October 11, 2024 07:53

@i-oden i-oden left a comment


Looks good, you're good to merge.

@rv0lt rv0lt merged commit 7f65da7 into dev Oct 15, 2024
16 checks passed
@rv0lt rv0lt deleted the DDS-2139-Why-are-we-getting-TOOMANYREQUESTS-in-our-github-actions branch October 15, 2024 06:52