ci: Make release security scan non-blocking (#11830)
## Summary
- Makes the `security-scan` job in the release pipeline non-blocking so
it no longer gates npm publishing
- The scan still runs and reports results for visibility — it just won't
prevent a release from going out
This is temporary while we address the existing audit findings. The lint
workflow's audits were already non-blocking (`continue-on-error: true`),
so only the release workflow needed changes.
