ci(workflows): add OSS Index auth to security scans

Add OSSI_USERNAME and OSSI_TOKEN secrets to fortress workflows to enable
authentication with OSS Index in the Nancy GitHub Action. This improves
security scanning by allowing authenticated requests, reducing rate-limit
issues and enhancing vulnerability data accuracy.

Author: mrz1836

.github/workflows/fortress-security-scans.yml

@@ -47,6 +47,12 @@ on:
       gitleaks-license:
         description: "Gitleaks license key"
         required: false
+      ossi-username:
+        description: "OSS Index username for Nancy authentication"
+        required: false
+      ossi-token:
+        description: "OSS Index token for Nancy authentication"
+        required: false
 
 permissions:
   contents: read
@@ -110,6 +116,9 @@ jobs:
       - name: 🔍 Ask Nancy
         uses: sonatype-nexus-community/nancy-github-action@726e338312e68ecdd4b4195765f174d3b3ce1533 # v1.0.3
         continue-on-error: false
+        env: # Authentication for OSS Index (recommended)
+          OSSI_USERNAME: ${{ secrets.ossi-username }}
+          OSSI_TOKEN: ${{ secrets.ossi-token }}
         with:
           githubToken: ${{ secrets.github-token }} # ← prevents rate-limit 403
           nancyVersion: ${{ env.NANCY_VERSION }}

.github/workflows/fortress.yml

@@ -163,6 +163,8 @@ jobs:
     secrets:
       github-token: ${{ secrets.GH_PAT_TOKEN != '' && secrets.GH_PAT_TOKEN || secrets.GITHUB_TOKEN }}
       gitleaks-license: ${{ secrets.GITLEAKS_LICENSE }}
+      ossi-username: ${{ secrets.OSSI_USERNAME }}
+      ossi-token: ${{ secrets.OSSI_TOKEN }}
   # ----------------------------------------------------------------------------------
   # Code Quality Checks
   # ----------------------------------------------------------------------------------