Enable scanning on tag pipelines

Thiago Figueiró requested to merge scan-tags into master

Why is this change being made?

For FIPS compliance, we want to scan all "production" images.

Of all the image tags pushed to the distribution repository, the edge tag is the only one being scanned daily since the builds on the master branch do this. The latest and other versioned tags are not regularly scanned.

This MR enables scanning for tag pipelines to address this.

As per a related discussion, we'll use Trivy to start with.

Related: https://gitlab.com/gitlab-org/gitlab/-/issues/372766

Edited by Thiago Figueiró
