fix: remove validate-lockfile workflow as it uses trivy

[Fiona-Waters]

What this PR does / why we need it:

This workflow uses trivy which should be removed from the repo. Related to #426

cc @andreyvelich @kramaranya

Which issue(s) this PR fixes (optional, in Fixes #<issue number>, #<issue number>, ... format, will close the issue(s) when PR gets merged):

Fixes #

Checklist:

• Docs included if any changes are user facing

[Fiona-Waters]

/assign @andreyvelich @kramaranya

[Copilot]

Pull request overview

Removes the lockfile validation GitHub Actions workflow that depends on Trivy, aligning CI with the ongoing effort to remove Trivy-based checks from this repository (per referenced PR #426).

Changes:

• Delete .github/workflows/validate-lockfile.yaml, which previously ran uv lock --check and Trivy scans on uv.lock changes.

[kramaranya]

Thanks!
/lgtm

[Fiona-Waters]

/retest

[andreyvelich]

@Fiona-Waters We might need to find some other way to monitor dependencies in Kubeflow SDK in the meantime.
/lgtm
/approve

[google-oss-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andreyvelich

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [andreyvelich]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[Fiona-Waters]

@Fiona-Waters We might need to find some other way to monitor dependencies in Kubeflow SDK in the meantime. /lgtm /approve

Yes for sure, leave it with me.

[andreyvelich]

/cherry-pick release-0.4

[google-oss-robot]

@andreyvelich: new pull request created: #430

Details

In response to this:

/cherry-pick release-0.4

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.