fix(ci): fix trivy scan, disable pipeline download (#1673)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Optimized vulnerability scanning to run faster by skipping on-run
database updates and pre-downloading the Java vulnerability database.
  * Improved CI reliability for container image security checks.

* **Bug Fixes**
* Ensured security scan failures correctly return a non-zero exit code,
providing clearer feedback and preventing false positives in pipelines.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Author: marvinWolff

.github/scripts/generate-sarif-reports.sh

@@ -44,7 +44,7 @@ function generateSarifReport() {
   locationsJson="$(yq --arg image "$image" -r '.annotations["artifacthub.io/images"] | split("\n")[] | select(contains($image))' "$chart/Chart.yaml" |
     awk '{print $NF}' |
     jq -r -c -Rn '[inputs] | map({fullyQualifiedName: .})')"
-  if trivy image "$image" -f sarif --quiet --ignore-unfixed | jq -r --argjson locations "$locationsJson" --arg category "$chart/${GITHUB_JOB:-local}" '.runs |= map(.results |= map(.locations += [{logicalLocations: $locations}])) | .runs |= map(.automationDetails = {id: $category})' >"$tmpFile"; then
+  if trivy image --skip-db-update --skip-java-db-update "$image" -f sarif --quiet --ignore-unfixed | jq -r --argjson locations "$locationsJson" --arg category "$chart/${GITHUB_JOB:-local}" '.runs |= map(.results |= map(.locations += [{logicalLocations: $locations}])) | .runs |= map(.automationDetails = {id: $category})' >"$tmpFile"; then
     mv "${tmpFile}" "${outFile}"
   else
     rm "$tmpFile"

.github/scripts/trivy-login-to-registries.sh

@@ -11,6 +11,7 @@ declare -A IMAGE_PULL_TOKENS=(
 )
 
 trivy image --download-db-only
+trivy image --download-java-db-only
 
 for registry in "${!IMAGE_PULL_TOKENS[@]}"; do
   TRIVY_PASSWORD="${IMAGE_PULL_TOKENS["$registry"]}" trivy registry login --username github-cve-scanning "$registry"