chore: migrate from Trivy to Grype for vulnerability scanning

Replace aquasecurity/trivy-action with anchore/scan-action (Grype) v7.3.2.
Rename trivy.yml to security-scan.yml. Drop secret scanning.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: JAORMX

.github/workflows/security-scan.yml

@@ -0,0 +1,30 @@
+name: Security Scan
+
+on:
+  pull_request:
+
+jobs:
+  grype-security-scan:
+    runs-on: ubuntu-latest
+    name: Grype
+    permissions:
+      contents: read
+      security-events: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - name: Security Scan
+        id: grype-scan
+        uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7.3.2
+        with:
+          path: "."
+          fail-build: true
+          only-fixed: true
+          severity-cutoff: "high"
+          output-format: "sarif"
+
+      - name: Upload scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3
+        with:
+          sarif_file: ${{ steps.grype-scan.outputs.sarif }}
+          category: "grype"