fix: clear stale Grype DB cache before weekly security scan

The weekly schedule means the cached grype DB is always >5 days old
(exceeding grype's max allowed age), causing the scan to fail. Clear
the cache dir before each grype run so it always fetches a fresh DB.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: mbologna

.github/workflows/build-scan-push.yml

@@ -178,6 +178,10 @@ jobs:
           severity: CRITICAL,HIGH,MEDIUM
           timeout: 10m
 
+      - name: Clear stale Grype DB cache
+        if: matrix.scanner == 'grype'
+        run: rm -rf ~/.cache/grype/db
+
       - name: Run Grype vulnerability scanner
         if: matrix.scanner == 'grype'
         uses: anchore/scan-action@v4