FEAT(trivy): add trivy operator

- for container vulnerability scanning
- Add Trivy Operator Helm chart (v0.31.0)
- Configure ServiceMonitor for Prometheus integration
- Enable vulnerability, config audit, and RBAC scanners
- Use Longhorn storage class for Trivy DB
- Exclude kube-system namespaces from scanning

trivy/argocd.yaml

@@ -0,0 +1,44 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: trivy
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  sources:
+  - repoURL: https://aquasecurity.github.io/helm-charts
+    chart: trivy-operator
+    targetRevision: 0.31.0
+    helm:
+      valueFiles:
+      - $values/trivy/helm-values.yaml
+  - repoURL: https://github.com/Mayne0213/monitoring.git
+    targetRevision: main
+    ref: values
+  - repoURL: https://github.com/Mayne0213/monitoring.git
+    targetRevision: main
+    path: trivy
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: trivy-system
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+    syncOptions:
+    - CreateNamespace=true
+    - PrunePropagationPolicy=foreground
+    - PruneLast=true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m
+    managedNamespaceMetadata:
+      labels:
+        goldilocks.fairwinds.com/enabled: 'true'
+  revisionHistoryLimit: 10