Use --offline-scan for trivy scans to avoid calling external API
Why is this change being made?
We're adding new default flag to trivy
scan to perform offline scans without calling external API to determine dependencies for Maven.
Related to gitlab-org/gitlab#351548 (closed)