Investigate issues with trivy > 0.54.0

Summary

Following #128 (closed), we need to investigate the cause of errors when using trivy versions greater than 0.54.0 in our pipelines.

The following errors occur during Trivy’s initialisation when it attempts to pull our public Terraform modules.

ERROR [module resolver] Failed to find a token for the registry module="root" hostname="gitlab.developers.cam.ac.uk" err="no token was found for the registry at gitlab.developers.cam.ac.uk"
ERROR [terraform evaluator] Failed to load module. Maybe try 'terraform init'? module="root" err="invalid character '<' looking for beginning of value"

Investigation required

We need to determine:

• What changes were introduced in Trivy after version 0.54.0 that could affect registry access or module resolution.
• Why Trivy is attempting to authenticate against a public registry.
• Whether this is a bug, a misconfiguration, or a change in expected behaviour upstream.

Current Workaround

We are currently pinning Trivy to version 0.54.0 in the terraform-lint template. However, this is not a sustainable long-term solution.

Next Steps

• Review Trivy release notes and changelogs for versions > 0.54.0.
• Determine what the correct fix for this issue is and propose a way forward.