fix(ci): pin trivy-action to immutable commit SHA for supply-chain safety

Agent-Logs-Url: https://github.com/sourcefuse/loopback4-notifications/sessions/7524a630-bf35-486e-a73e-1541c2fe1e82

Co-authored-by: rohit-sourcefuse <16935898+rohit-sourcefuse@users.noreply.github.com>

Author: Copilot

.github/workflows/trivy.yaml

@@ -22,7 +22,7 @@ jobs:
       - uses: actions/checkout@v3
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.35.0
+        uses: aquasecurity/trivy-action@57a97c7e8b8c6e9c1a7a20db8c5e540c31cf79a8 # v0.35.0
         with:
           scan-type: 'fs'
           scan-ref: '${{ github.workspace }}'