Disable alerts on dangerous trigger

[henrirosten]

Description of Changes

Disable alerts on the GitHub code scanning dashboard that stem from using the pull_request_target trigger:

• use of fundamentally insecure workflow trigger
• Dangerous-Workflow

The current usage of pull_request_target has been extensively evaluated, and the possible risks are well understood.

Notice: this does not impact the openssf scorecard badge report, which is uploaded before filtering false positives.

Type of Change

• New Feature
• Bug Fix
• Improvement / Refactor

Related Issues / Tickets

Checklist

• Clear summary in PR description
• Detailed and meaningful commit message(s)
• Commits are logically organized and squashed if appropriate
• Contribution guidelines followed
• Ghaf documentation updated with the commit - https://tiiuae.github.io/ghaf/
• Author has run make-checks and it passes
• All automatic GitHub Action checks pass - see actions
• Author has added reviewers and removed PR draft status

Testing Instructions

Applicable Targets

• Orin AGX aarch64
• Orin NX aarch64
• Lenovo X1 x86_64
• Dell Latitude x86_64
• System 76 x86_64

Installation Method

• Requires full re-installation
• Can be updated with nixos-rebuild ... switch
• Other:

Test Steps To Verify: