ci: enable Trivy scanning and exclude certificates directory

- Add Trivy configuration file with scan settings
- Exclude the certificate directory from vulnerability scanning

Signed-off-by: appleboy <appleboy.tw@gmail.com>

Author: appleboy

trivy.yaml

@@ -0,0 +1,8 @@
+# Trivy configuration file for gorush project
+# Docs: https://aquasecurity.github.io/trivy/latest/configuration/config-file/
+
+scan:
+  skip-dirs:
+    - certificate
+
+# You can add more config options below as needed.