
Fix security checks on PR GitHub action #468

Open
3 tasks
Tracked by #467
aatmanvaidya opened this issue Jan 2, 2025 · 0 comments
Comments

@aatmanvaidya
Collaborator

We have a GitHub Action in place that runs security checks when a PR is opened - link to the action

  • Resolve Trivy Scan Error on Pull Request
    • The Trivy scan currently reports errors whenever a pull request is opened. The task is to investigate the cause of these errors and implement a fix to ensure the scan passes successfully. Link to the error
  • Add pip-audit checks for all pyproject.toml files in the GitHub Action
    • pip-audit is a tool for scanning Python environments for packages with known vulnerabilities.
    • If pip-audit doesn't have support for pyproject.toml files, then we can convert them to requirements.txt files using uv like this, and then run pip-audit on them.
  • We can also look into adding tools like Deptry — it is a command line tool to check for issues with dependencies in a Python project, such as unused or missing dependencies.

Some notes on securing the feluda codebase can be found in this blog post.
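As an added example (not the feluda workflow and not code from the issue), the following POSIX shell script implements the second task above: it finds every pyproject.toml in a checkout, resolves each one to a pinned requirements file with uv, and runs pip-audit on the result, auditing all files before failing so one CI log shows every finding. The tool names `uv` and `pip-audit` come from the issue; the exact invocations (`uv pip compile`, `pip-audit --strict --desc -r`), the directories that are skipped, and the `find_pyproject_files` / `audit_pyproject` / `audit_all` helper names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the project's own workflow code.
# Assumes `uv` and `pip-audit` are installed on the CI runner (e.g. via
# `pip install uv pip-audit` in an earlier step). Skipped directory names are
# an assumption about what a typical checkout contains.
set -eu

# List pyproject.toml files under $1, one per line, sorted. Virtualenvs, build
# output and git metadata are pruned so vendored copies are not audited twice.
find_pyproject_files() {
    find "$1" \
        \( -name .git -o -name .venv -o -name node_modules -o -name build -o -name dist \) -prune \
        -o -type f -name pyproject.toml -print | sort
}

# Audit one pyproject.toml: resolve its [project] dependencies into a pinned
# requirements file with uv, then run pip-audit against that file.
# Returns non-zero when resolution fails or pip-audit reports findings.
audit_pyproject() {
    pyproject="$1"
    req=$(mktemp) || return 1
    if ! uv pip compile --quiet "$pyproject" -o "$req"; then
        echo "!! could not resolve $pyproject" >&2
        rm -f "$req"
        return 1
    fi
    # --strict turns resolution/skip problems into failures instead of warnings;
    # --desc prints the advisory text so the CI log is actionable on its own.
    status=0
    pip-audit --strict --desc -r "$req" || status=$?
    rm -f "$req"
    return "$status"
}

# Audit every pyproject.toml under $1 (default: current directory).
# Keeps going after a failure so a single run reports all affected files,
# then exits non-zero if any file had findings, which fails the CI job.
audit_all() {
    root="${1:-.}"
    list=$(mktemp) || return 1
    find_pyproject_files "$root" > "$list"
    failed=0
    while IFS= read -r pyproject; do
        echo "== pip-audit: $pyproject"
        if ! audit_pyproject "$pyproject"; then
            failed=$((failed + 1))
        fi
    done < "$list"
    rm -f "$list"
    echo "$failed pyproject.toml file(s) with findings or resolution errors"
    [ "$failed" -eq 0 ]
}

# Run only when a root directory is passed, e.g. `sh audit_pyprojects.sh .`
if [ "$#" -gt 0 ]; then
    audit_all "$1"
fi
```

In the workflow this would be a single step, `run: sh scripts/audit_pyprojects.sh .` (path is an assumption), placed after the step that installs uv and pip-audit; because `audit_all` only returns non-zero at the end, the job fails once but the log lists every affected pyproject.toml.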
