
Feat/scanner update comment#23

Merged
lachen-nv merged 3 commits into main from feat/scanner-update-comment on Jan 28, 2026
Conversation

@lachen-nv

Collaborator

Summary

Improve security scanner actions (TruffleHog, Trivy, CodeQL) to update existing PR comments instead of creating new ones on each run, reducing comment noise.

Changes

  • Comment Update: Scan actions now find and update their existing comments in PRs rather than creating duplicate comments
  • Status-Based Updates: Comments are only updated when scan status changes (e.g., clean ↔ issues_found), preventing unnecessary updates
  • Enhanced Metadata: Added timestamp and commit SHA to each comment for better traceability
  • Unique Comment Markers: Each scanner uses HTML comment markers () to identify its own comments

Modified Actions

  • .github/actions/trufflehog-scan/action.yml - TruffleHog secret scanner
  • .github/actions/trivy-scan/action.yml - Trivy vulnerability scanner
  • .github/actions/codeql-scan/action.yml - CodeQL security analysis

Benefits

  • Reduced PR clutter: No more duplicate comments on every push
  • Dynamic updates: Only notifies when status actually changes
  • Better tracking: Timestamps and commit SHAs show scan history
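
The find-and-update logic described above, as an added example (not the PR's own action code): pure functions that locate a scanner's previous comment by its marker, compare the recorded status, and decide whether to create, update or skip. The marker strings, the `<!-- status: ... -->` line format, the status names and the sample comments are assumptions, not taken from the PR.

```javascript
// Added example (not the PR's own action code): the comment-update logic the
// PR describes, as pure functions so it runs offline. Marker text, status
// names and the status line format are assumptions, not taken from the PR.
const STATUS_RE = /<!-- status: (\w+) -->/;

// Build the comment body: marker, scan status, commit SHA and timestamp.
function buildComment(marker, status, sha, timestamp, summary) {
  return [
    marker,
    `<!-- status: ${status} -->`,
    `### ${summary}`,
    `Status: **${status}** | Commit: \`${sha}\` | Scanned: ${timestamp}`,
  ].join("\n");
}

// Find the comment this scanner previously posted, identified by its marker.
// Other scanners' comments and human comments are ignored.
function findOwnComment(comments, marker) {
  return comments.find((c) => c.body.startsWith(marker)) || null;
}

// Read the recorded status back out of an existing comment body.
function parseStatus(body) {
  const m = body.match(STATUS_RE);
  return m ? m[1] : null;
}

// Decide what the action should do on this run:
//   create - no prior comment from this scanner
//   update - prior comment exists and the status changed
//   skip   - prior comment exists with the same status (no extra noise)
function planCommentUpdate(comments, marker, newStatus) {
  const own = findOwnComment(comments, marker);
  if (!own) return { action: "create", commentId: null };
  if (parseStatus(own.body) === newStatus) return { action: "skip", commentId: own.id };
  return { action: "update", commentId: own.id };
}

// Constructed sample PR comments (not real data): one from TruffleHog,
// one human review comment, one from Trivy.
const SAMPLE_COMMENTS = [
  { id: 1, body: "<!-- trufflehog-scan -->\n<!-- status: clean -->\n### TruffleHog\nStatus: **clean**" },
  { id: 2, body: "Looks good to me!" },
  { id: 3, body: "<!-- trivy-scan -->\n<!-- status: issues_found -->\n### Trivy" },
];
```

In the real action the `create`/`update` result maps onto the GitHub issue-comment API calls; only the decision logic is shown here.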

@lachen-nv lachen-nv merged commit f435aa6 into main Jan 28, 2026
2 checks passed
@github-actions github-actions Bot locked and limited conversation to collaborators Jan 28, 2026
@lachen-nv lachen-nv deleted the feat/scanner-update-comment branch February 5, 2026 04:23
