Log *what* components trigger a grype scan (#17905) (#17909)

This commit updates the grype action to log what components it is scanning
(including any that are critical which will cause the action to fail).
Previously the default sarif file was generated and nothing was logged. Without
this commit it is impossible to tell from a failed action *what* is causing the
failure.

(cherry picked from commit 6b8d090)

Co-authored-by: Cas Donoghue <[email protected]>

Author: mergify[bot]

.github/workflows/critical_vulnerability_scan.yml

@@ -22,3 +22,4 @@ jobs:
           path: "./scan"
           fail-build: true
           severity-cutoff: critical
+          output-format: table