run scan-vulns.yaml on schedule (#1562)

Signed-off-by: Susan Shi <[email protected]>

.github/workflows/scan-vulns.yaml

@@ -10,6 +10,8 @@ on:
       - "docs/**"
       - "library/**"
       - "**.md"
+  schedule:
+    - cron: '30 8 * * 0'  # early morning (08:30 UTC) every Sunday
   workflow_dispatch:
 
 permissions: read-all
@@ -70,4 +72,4 @@ jobs:
         run: |
           for img in "localbuild:test" "localbuildcrd:test"; do
               trivy image --ignore-unfixed --exit-code 1 --severity HIGH --vuln-type="os,library" "${img}"
-          done
+          done