Set security GH action to enforcing

Author: sbreker

.github/workflows/security.yml

@@ -23,7 +23,6 @@ jobs:
   govulncheck:
     name: Go vulnerability check
     runs-on: ubuntu-latest
-    continue-on-error: true # remove to enforce
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
       - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00
@@ -54,16 +53,13 @@ jobs:
       - name: Trivy filesystem scan
         uses: aquasecurity/[email protected]
         id: trivy_scan
-        continue-on-error: true # remove to enforce; paired with exit-code below
         with:
           scan-type: fs
           scanners: vuln,secret,misconfig
           ignore-unfixed: true
           format: sarif
           output: trivy-fs.sarif
-          # Include all severities for testing - Consider removing UNKNOWN,LOW,MEDIUM when enforcing.
-          severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
-          exit-code: 1 # Remove to enforce failure on high/critical
+          severity: MEDIUM,HIGH,CRITICAL
       - name: Upload Trivy SARIF artifact
         if: always()
         uses: actions/upload-artifact@v4