.github: run cvewatch after build

[christoph-zededa]

Description

This way cvewatch does not have to build all pkgs in parallel to the actual build process and does not
need to download all the sources, too.

Hopefully this helps to fix the http teapot status issues like:

Error: error building "lfedge/eve-cross-compilers:b3d1dc377b3f1161eec194219c34fb1a167d28e9": error building for arch amd64: failed to solve: failed to load cache key: invalid response status 418
2026/03/24 02:17:07 error during command execution: error building "lfedge/eve-cross-compilers:b3d1dc377b3f1161eec194219c34fb1a167d28e9": error building for arch amd64: failed to solve: failed to load cache key: invalid response status 418

How to test and validate this PR

Run the cvewatch github action and check that it uses the docker cache for everything.

Changelog notes

CI improvements

PR Backports

For all current LTS branches, please state explicitly if this PR should be
backported or not. This section is used by our scripts to track the backports,
so, please, do not omit it.

Here is the list of current LTS branches (it should be always up to date):

• 16.0-stable: no, as there is no cve scan for this version
• 14.5-stable: no
• 13.4-stable: no

Checklist

• I've provided a proper description
• I've added the proper documentation
• I've tested my PR on amd64 device
• I've tested my PR on arm64 device
• I've written the test verification instructions
• I've set the proper labels to this PR

And the last but not least:

• I've checked the boxes above, or I've provided a good reason why I didn't
  check them.

Please, check the boxes above after submitting the PR in interactive mode.

[shjala]

Thanks for the PR, let's test it.

LGTM.