Enable scanning on tag pipelines
Why is this change being made?
For FIPS compliance, we want to scan all "production" images.
Of all the image tags pushed to the distribution repository, the edge
tag is the only one being scanned daily since the builds on the master
branch do this. The latest
and other versioned tags are not regularly scanned.
This MR enables scanning for tag pipelines to address this.
As per a related discussion, we'll use Trivy to start with.
Related: https://gitlab.com/gitlab-org/gitlab/-/issues/372766
Edited by Thiago Figueiró