fix: docker workflow security upload (#1951)

* Fix artifact upload paths for CodeQL and SBOM results

- Correct CodeQL SARIF path from **/results to ../results (relative to workspace)
- Add fallback path for SBOM to handle different generation locations
- This should resolve the 'No files were found' warnings for artifacts

* Test commit to trigger Security Analysis workflow with fixed artifact paths

* Update docker.yaml

* Update security.yaml

* Update security.yaml

.github/workflows/docker.yaml

@@ -61,18 +61,6 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: ${{ env.REGISTRY }}/${{ steps.image.outputs.name }}:${{ steps.meta.outputs.version }}
-          format: 'sarif'
-          output: 'trivy-results.sarif'
-
-      - name: Upload Trivy scan results to GitHub Security
-        uses: github/codeql-action/upload-sarif@v3
-        if: always()
-        with:
-          sarif_file: 'trivy-results.sarif'
           
       - name: Check manifest
         run: docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ steps.image.outputs.name }}:${{ steps.meta.outputs.version }}