chore: load checks from repo

[nikpivkin]

This PR changes the source of the checks, replacing the checks embedded in Trivy with the trivy-checks repository, which is pulled each time a site is built. This will keep the checks documentation up to date regardless of the version of Trivy.

[simar7]

lgtm, could you rebase and mark for review if ready?

[nikpivkin]

@simar7 I was thinking that maybe we should still load checks from trivy or at least trivy-checks? If we add a new check but don't release a new bundle, it will be on the web site but not available to users. In this repository we can set up dependabot to update dependencies in a timely manner.

[simar7]

@simar7 I was thinking that maybe we should still load checks from trivy or at least trivy-checks? If we add a new check but don't release a new bundle, it will be on the web site but not available to users. In this repository we can set up dependabot to update dependencies in a timely manner.

On the contrary, if we still load checks from releases we still have the wait until the next release takes place. Sometimes we just want to have a page in AVD and not wait until the next trivy (or checks) release. Loading directly bypasses this wait time for AVD.

I don't think it's a big deal if we have a page on AVD that isn't yet released via Trivy. Users find AVD pages via Trivy not the other way around today.