ci: fix security-scans action reference broken by #394 (#400)

PR #394 accidentally reverted the security-scans action reference from
the fully qualified syntax back to a local path, breaking the reusable
workflow for external repositories like postgis-containers.

Restore the fully qualified reference and add protective comments on
both action references to prevent future regressions.

Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>

Author: NiccoloFei

.github/workflows/bake_targets.yml

@@ -145,7 +145,9 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Security checks
-        uses: ./.github/actions/security-scans/
+        # NOTE: Do not modify this to point to the local action "./.github/actions/security-scans",
+        # as it will break workflows running bake_targets.yml (this workflow) from external repositories.
+        uses: cloudnative-pg/postgres-containers/.github/actions/security-scans@main
         with:
           image: "${{ matrix.image }}"
           registry_user: ${{ github.actor }}
@@ -169,6 +171,8 @@ jobs:
       id-token: write
     steps:
       - name: Copy to production
+        # NOTE: Do not modify this to point to the local action "./.github/actions/copy-images",
+        # as it will break workflows running bake_targets.yml (this workflow) from external repositories.
         uses: cloudnative-pg/postgres-containers/.github/actions/copy-images@main
         with:
           bake_build_metadata: "${{ needs.testbuild.outputs.metadata }}"