feat: add `trivy` for docker security

[JaeAeich]

Use trivy for docker security scan.

[Nidhi091999]

Hi @JaeAeich ,

Where should Trivy be called from—hooks/post_gen_project.py or GitHub Actions? Also, how can I retrieve the current Docker image name and tag? Is it derived from {{ cookiecutter.project_name_dashed }}?

[JaeAeich]

Trivy would come in github actions, but this is blocked by #24.