chore: update Trivy scan config (#7934)

.github/workflows/docker.yml

@@ -5,6 +5,7 @@ on:
       - main
   pull_request:
     paths:
+      - '.trivy.yaml'
       - 'Dockerfile'
       - 'docker/**'
       - '.github/workflows/docker.yml'

trivy.yaml

@@ -1,7 +1,7 @@
 scan:
   skip-files:
-    # CVE patching of the following things is far behind and out of our control.
-    - "usr/sbin/gosu"
+    - "usr/sbin/gosu" # CVE patching is far behind and out of our control.
+    - "app/gogs/gogs" # False positives on main builds
 
 severity:
   - CRITICAL