Delivery: ensure all images are scanned for CVEs during the build phase
Created by: davejrt
From RFC 468:
We should enable a container scanning step in our CI/CD pipelines.
The step should run Trivy and must give the team context when it fails, e.g. which packages should be updated and a summary of the results per image.
There should also be a report for every release we do with all the images scanned and the results from Trivy.
Definition of success: how do we know if this project was successful?
- All the pipelines include the container scanning step.
- We do not release with any critical or high severity vulnerabilities that have an upstream patch available.
- Anything that would otherwise be blocking has a tracked exception.
- If a customer notifies us of a CVE after a release, it should only be because the CVE was published after the release date.
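As an added example (not part of RFC 468 or the project's own pipeline code), the following script turns a Trivy JSON report into the per-image context the step should surface on failure and applies the release gate from the success criteria: HIGH/CRITICAL findings with an upstream fix block unless a tracked exception covers them, and CVEs published after the release date are separated out. It assumes the report was produced by `trivy image --format json --output trivy.json <image>` (real Trivy flags, but the invocation is an assumption of this example); the embedded report is constructed in Trivy's JSON layout with placeholder vulnerability IDs, package names and a placeholder exception ticket, none of which refer to real findings.

```python
"""Summarize a Trivy JSON report and apply the release gate.

Assumed producer (real Trivy CLI; invocation is this example's assumption):
    trivy image --format json --output trivy.json <image>
"""
import json
from collections import Counter
from datetime import date, datetime

BLOCKING_SEVERITIES = {"CRITICAL", "HIGH"}

# Constructed sample in Trivy's JSON layout. IDs, versions and packages are
# placeholders for illustration, not real vulnerabilities.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "registry.example/app:1.2.3",
    "ArtifactType": "container_image",
    "Results": [
        {"Target": "registry.example/app:1.2.3 (alpine 3.18.0)",
         "Class": "os-pkgs", "Type": "alpine",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-EXAMPLE-0001", "PkgName": "libssl3",
              "InstalledVersion": "3.1.0-r0", "FixedVersion": "3.1.1-r0",
              "Severity": "CRITICAL", "PublishedDate": "2023-05-30T00:00:00Z"},
             # No FixedVersion key: Trivy omits it when upstream has no fix yet.
             {"VulnerabilityID": "CVE-EXAMPLE-0002", "PkgName": "busybox",
              "InstalledVersion": "1.36.0-r0",
              "Severity": "HIGH", "PublishedDate": "2023-06-01T00:00:00Z"},
             {"VulnerabilityID": "CVE-EXAMPLE-0003", "PkgName": "zlib",
              "InstalledVersion": "1.2.13-r0", "FixedVersion": "1.2.13-r1",
              "Severity": "MEDIUM", "PublishedDate": "2023-04-10T00:00:00Z"}]},
        {"Target": "app/requirements.txt", "Class": "lang-pkgs", "Type": "pip",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-EXAMPLE-0004", "PkgName": "requests",
              "InstalledVersion": "2.28.0", "FixedVersion": "2.31.0",
              "Severity": "HIGH", "PublishedDate": "2023-05-22T00:00:00Z"}]},
    ],
})


def load_report(text: str) -> dict:
    """Parse the JSON that `trivy image --format json` writes."""
    return json.loads(text)


def findings(report: dict):
    """Flatten Results[].Vulnerabilities[] into (target, vuln) pairs.
    Clean targets have no Vulnerabilities key at all, hence the .get()."""
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            yield result["Target"], vuln


def summarize(report: dict) -> dict:
    """Per-image context for the team: counts by severity, the concrete
    package upgrades that clear findings, and findings with no fix yet."""
    counts = Counter()
    upgrades = {}  # (target, package) -> version to upgrade to
    unfixed = []
    for target, v in findings(report):
        counts[v["Severity"]] += 1
        if v.get("FixedVersion"):
            upgrades[(target, v["PkgName"])] = v["FixedVersion"]
        else:
            unfixed.append(v["VulnerabilityID"])
    return {"image": report["ArtifactName"], "counts": dict(counts),
            "upgrades": upgrades, "unfixed": unfixed}


def blocking(report: dict, exceptions: dict) -> list:
    """Release gate: HIGH/CRITICAL findings with an upstream fix block unless
    a tracked exception (vulnerability ID -> ticket reference) covers them."""
    return sorted(
        v["VulnerabilityID"] for _, v in findings(report)
        if v["Severity"] in BLOCKING_SEVERITIES
        and v.get("FixedVersion")
        and v["VulnerabilityID"] not in exceptions)


def published_after(report: dict, release_date: str) -> list:
    """IDs whose CVE was published after the release (ISO date string); these
    are the only ones a post-release customer report should contain."""
    release = date.fromisoformat(release_date)
    out = []
    for _, v in findings(report):
        published = v.get("PublishedDate")
        if published:
            stamp = datetime.fromisoformat(published.replace("Z", "+00:00"))
            if stamp.date() > release:
                out.append(v["VulnerabilityID"])
    return out


if __name__ == "__main__":
    report = load_report(SAMPLE_REPORT)
    summary = summarize(report)
    print(f"{summary['image']}: {summary['counts']}")
    for (target, pkg), fixed in sorted(summary["upgrades"].items()):
        print(f"  upgrade {pkg} -> {fixed}  [{target}]")
    print(f"  no upstream fix yet: {summary['unfixed']}")
    tracked = {"CVE-EXAMPLE-0004": "SEC-123"}  # placeholder exception ticket
    blockers = blocking(report, tracked)
    print("BLOCK" if blockers else "PASS", blockers)
    raise SystemExit(1 if blockers else 0)
```

In a pipeline this runs after the `trivy image` step, prints the upgrade list into the job log, and exits non-zero only when an unexcepted, fixable HIGH/CRITICAL remains, which is the same rule Trivy's `--ignore-unfixed --severity HIGH,CRITICAL --exit-code 1` enforces, but with the exception list and the per-package upgrade summary the RFC asks for.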