trivy in client service mode by default #82
NissesSenap started this conversation in Development
Replies: 1 comment
-
Also suggested by another user here: aquasecurity/starboard#1173 (comment)
-
Today the trivy-operator starts a trivy job and runs in standard mode by default.
But this is very time-consuming; it forces the trivy job to download the whole image every time.
There is already a possibility of setting jobs to run in client server mode, but then you have to manage the trivy server on your own.
It has been, and it might again be, important that the trivy server and the trivy client are running the same version.
To make sure that this is done, I suggest that the trivy-operator should actually provide a trivy statefulset by default.
The vulnerability report job should then automatically point towards the trivy server, thus saving lots of administrative work for trivy-operator admins.
Since it would require so few resources to just send an HTTP request with the image name to the trivy server, we should actually be able to remove the vulnerability job completely and just run it as an HTTP request from the operator itself.
When it comes to making sure that we can still reach our private container registries, this should all be handled by the trivy server.
Today the helm chart has support for the needed Azure labels together with the AWS service account annotations that are needed. It shouldn't be hard to provide this in the CRD that generates the trivy server.
I'm not sure if trivy in client mode needs to actually send the image on its own, but if it does, I think it would be reasonable to change it to make it possible for the trivy client to just tell the server to download the needed image on its own.
In short, I think this solution would create less work for admins, quicker scans and less code in the trivy-operator, even though you would have to maintain the trivy server CRD.