Apply community-reviewed improvements from Ratis PR #1328 to vulnerability-check workflow

[Copilot]

Description

Backports improvements to the weekly CVE scanning workflow that were validated through Apache Ratis PR apache#1328 community review process.

Workflow Simplification

• Removed matrix strategy: Single runner (ubuntu-latest, JDK 17) instead of matrix configuration
• Removed Maven cache: Cache ineffective for weekly scheduled jobs
• Consolidated dependency checks: aggregate step subsumes check step

Enhanced Configuration

• Added conditional execution: Prevents forks from running scheduled scans (github.repository == 'apache/iotdb')
• Added NVD API key support: -DnvdApiKey=${{ secrets.NVD_API_KEY }} parameter for improved CVE data access
• Consistent Maven args: $MAVEN_ARGS variable usage across commands

Improved Clarity

• Renamed DATE_EAST_ASIA → REPORT_DATE: Clearer semantic meaning
• Simplified artifact naming: Removed redundant ${{ runner.os }} component
• Updated step descriptions: More precise naming

Security Hardening

• Added explicit permissions: contents: read follows principle of least privilege

---

This PR has:

• been self-reviewed.
• added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.

---

Key changed/added classes (or packages if there are too many classes) in this PR

.github/workflows/vulnerability-check.yml

Original prompt

针对定期扫描 cve 的 CI，我参考 iotdb 的实现（https://github.com/apache/iotdb/blob/master/.github/workflows/vulnerability-check.yml）将其迁移到 ratis，接收到社区的很多反馈修做了很多 review 的修改。现在我觉得这些改动可以进一步回馈到 iotdb 社区，请参考该 pr（https://github.com/apache/ratis/pull/1328）的内容将其回馈到 iotdb 社区，这一行应该是可以额外保留的（DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}），其他的应该都是可以一样的

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[OneSizeFitsQuorum]

LGTM