[CI] Move CodeQL and Trivy back into PR/Push workflow

It seems Scorecard is accepting reusable workflows now. Verified on my fork
where workflows works properly and there's no change in the Score.

Author: lukaszstolarczuk

.github/workflows/pr_push.yml

@@ -51,3 +51,15 @@ jobs:
   MultiNuma:
     needs: [Build]
     uses: ./.github/workflows/reusable_multi_numa.yml
+  CodeQL:
+    needs: [Build]
+    permissions:
+      contents: read
+      security-events: write
+    uses: ./.github/workflows/reusable_codeql.yml
+  Trivy:
+    needs: [Build]
+    permissions:
+      contents: read
+      security-events: write
+    uses: ./.github/workflows/reusable_trivy.yml

.github/workflows/codeql.yml renamed to .github/workflows/reusable_codeql.yml

@@ -1,19 +1,7 @@
 # CodeQL static analysis
 name: CodeQL
 
-# Due to lower score on Scorecard we're running this separately from
-# "PR/push" workflow. For some reason permissions weren't properly set
-# or recognized (by Scorecard). If Scorecard changes its behavior we can
-# go back to use 'workflow_call' trigger.
-on:
-  push:
-    branches-ignore:
-      - 'dependabot/**'
-  pull_request:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
+on: workflow_call
 
 permissions:
   contents: read

.github/workflows/trivy.yml renamed to .github/workflows/reusable_trivy.yml

@@ -1,22 +1,7 @@
 # Runs linter for Docker files
 name: Trivy
 
-# Due to lower score on Scorecard we're running this separately from
-# "PR/push" workflow. For some reason permissions weren't properly set
-# or recognized (by Scorecard). If Scorecard changes its behavior we can
-# use 'workflow_call' trigger.
-on:
-  push:
-    branches-ignore:
-      - 'dependabot/**'
-  pull_request:
-    paths:
-      - '.github/docker/*Dockerfile'
-      - '.github/workflows/trivy.yml'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
+on: workflow_call
 
 permissions:
   contents: read