
Config parsing includes config.yaml in working dir #1634

@AidanDelaney

Description

What happened:
syft reads any config.yaml in the current working directory as Syft configuration. If the config.yaml is not a valid syft config, then scanning fails.

What you expected to happen:
I expect config.yaml in the current working directory to not be read as Syft configuration.

Steps to reproduce the issue:

  1. Create directory foo: mkdir foo
  2. Create a config.yaml in the foo directory: touch foo/config.yaml
  3. Place invalid Syft config in the config.yaml:

     cat > foo/config.yaml << EOF
     output:
       example:
         value: value
     EOF

     Note that it is important that the config file uses a Syft configuration value like output.
  4. Run syft in the foo directory: cd foo && syft packages .
  5. Observe the error: 'output[0]' expected type 'string', got unconvertible type 'map[string]interface {}', value: 'map[example:map[value:value]]'

Anything else we need to know?:
The problem occurs on https://github.com/anchore/syft/blob/main/internal/config/application.go#L226.

On line 226 we add the pwd as a config path. We then check to see if a .syft config file exists. If it does not, we move to check the other documented config files.

On line 236 we add .syft as a config path. Note that pwd is still in the search path for configs. When we then search for config files with the name config, it picks up ./config.yaml which was never intended as a syft configuration file.

Environment:

  • Output of syft version: latest syft from git
  • OS (e.g: cat /etc/os-release or similar): Failure observed on Linux and macOS
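The search-order problem the report describes can be shown with a small stand-alone model. The Go program below is an added example, not syft's own code: searchKeepingPwd reproduces the reported ordering (pwd stays on the path list when the generic "config" name is searched), and searchScoped is one hypothetical alternative that only looks up the generic name in a tool-specific directory. The ".syft" file name and the home-directory location are taken from the report; the extension list, the function names and the temporary directory layout built by Reproduce are assumptions made for this example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// Extensions tried for each candidate base name (assumption for this example).
var extensions = []string{".yaml", ".yml", ".json"}

// firstExisting returns the first regular file named base+ext found in dirs,
// walking dirs in order so earlier directories take precedence.
func firstExisting(dirs []string, base string) (string, bool) {
	for _, d := range dirs {
		for _, ext := range extensions {
			p := filepath.Join(d, base+ext)
			if st, err := os.Stat(p); err == nil && !st.IsDir() {
				return p, true
			}
		}
	}
	return "", false
}

// searchKeepingPwd models the order described in the report: pwd is added as
// a config path for ".syft", and it is still on the list when the generic
// "config" name is searched, so an unrelated ./config.yaml is selected first.
func searchKeepingPwd(pwd, home string) (string, bool) {
	paths := []string{pwd}
	if p, ok := firstExisting(paths, ".syft"); ok {
		return p, true
	}
	paths = append(paths, filepath.Join(home, ".syft"))
	return firstExisting(paths, "config")
}

// searchScoped (hypothetical fix) looks up the generic "config" name only in
// tool-specific directories, never in the bare working directory.
func searchScoped(pwd, home string) (string, bool) {
	if p, ok := firstExisting([]string{pwd}, ".syft"); ok {
		return p, true
	}
	return firstExisting([]string{filepath.Join(home, ".syft")}, "config")
}

// Reproduce builds the report's layout in a temporary directory (constructed
// input): foo/config.yaml holding the non-Syft content from the report, plus
// a genuine home/.syft/config.yaml. It returns what each strategy picks.
func Reproduce() (keepingPwd, scoped string, err error) {
	root, err := os.MkdirTemp("", "cfg-search-")
	if err != nil {
		return "", "", err
	}
	defer os.RemoveAll(root)

	pwd := filepath.Join(root, "foo")
	home := filepath.Join(root, "home")
	if err := os.MkdirAll(filepath.Join(home, ".syft"), 0o755); err != nil {
		return "", "", err
	}
	if err := os.MkdirAll(pwd, 0o755); err != nil {
		return "", "", err
	}
	unrelated := "output:\n  example:\n    value: value\n" // content from the report
	if err := os.WriteFile(filepath.Join(pwd, "config.yaml"), []byte(unrelated), 0o644); err != nil {
		return "", "", err
	}
	if err := os.WriteFile(filepath.Join(home, ".syft", "config.yaml"), []byte("output: [table]\n"), 0o644); err != nil {
		return "", "", err
	}

	keepingPwd, _ = searchKeepingPwd(pwd, home)
	scoped, _ = searchScoped(pwd, home)
	return keepingPwd, scoped, nil
}

func main() {
	keep, scoped, err := Reproduce()
	if err != nil {
		fmt.Println("error:", err)
		os.Exit(1)
	}
	fmt.Println("pwd kept on search path picks:", keep)
	fmt.Println("scoped search picks:          ", scoped)
}
```

Running it shows the first strategy choosing foo/config.yaml even though a real home/.syft/config.yaml exists, while the scoped strategy ignores the working directory for the generic name and picks the tool's own file.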

Metadata

Labels: breaking-change (Change is not backwards compatible), bug (Something isn't working)
Status: Done