fix: add .grype.yaml (#3834)
**Summary**
CVE-2024-11053 https://curl.se/docs/CVE-2024-11053.html (severity Low)
was published on Dec 11, 2024 and began failing CI builds on open-core
on Dec 13, 2024 when it appeared in `grype` apparently misclassified as
a critical vulnerability.
The severity reported on the CVE is "Low" so it should not fail builds.
Add a `.grype.yaml` file to ignore this CVE until grype is updated.
