ci: update vulnerability check to use Trivy scan

.gitea/workflows/ci.yml

@@ -198,8 +198,10 @@ jobs:
       - name: Install dependencies (if cache miss)
         run: bun install --frozen-lockfile
 
-      - name: Run security audit
-        run: bun audit --audit-level moderate
-
-      - name: Run dependency vulnerability check
-        run: bunx audit-ci --moderate --report-type summary
+      - name: Run Trivy vulnerability scan
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          format: 'sarif'
+          output: 'trivy-results.sarif'