Commit 0417453
refactor(ci): consolidate container build/scan/test into one workflow

Build once, use everywhere. No more triple-building the same images.

build-containers.yml now has 4 dependent jobs:
1. build — builds all 4 custom images, saves as artifacts
2. scan — loads images, scans with Trivy + Grype (needs: build)
3. test-cli — loads images, runs argus scan end-to-end (needs: build)
4. comment-pr — aggregates results into PR comment (needs: scan, test)

Images shared via docker save/load, tagged with commit SHA.
Removed test-reusable-workflows.yml (replaced by test-cli job).
Simplified security-scan.yml to push-to-main + scheduled only.

1 parent f2c2bdc commit 0417453
3 files changed
Lines changed: 252 additions & 271 deletions