chore: add ClamAV and Trivy security scan workflows

[riatzukiza]

Issue for this PR

Closes #15476

Type of change

• Bug fix
• New feature
• Refactor / code improvement
• Documentation

What does this PR do?

• Adds ClamAV scanning workflow.
• Adds trivy Dependency-Check workflow.

How did you verify your code works?

ran the actions via gh act ...
clamav safely injects the EICAR test string, detects it, and does not detect any real viruses
trivy generates a report

Checklist

• I have tested my changes locally
• I have not included unrelated changes in this PR

If you do not follow this template your PR will be automatically rejected.

[github-actions]

Hey! Your PR title ci: add ClamAV and OWASP security scan workflows doesn't follow conventional commit format.

Please update it to start with one of:

• feat: or feat(scope): new feature
• fix: or fix(scope): bug fix
• docs: or docs(scope): documentation changes
• chore: or chore(scope): maintenance tasks
• refactor: or refactor(scope): code refactoring
• test: or test(scope): adding or updating tests

Where scope is the package name (e.g., app, desktop, opencode).

See CONTRIBUTING.md for details.