fix: remove hashFiles() from job-level if conditions in security.yml

[Xaxxoo]

Summary

• hashFiles() is not supported in job-level if: expressions in GitHub Actions — it causes an "Invalid workflow file" parse error that blocks all PR workflows
• Removed if: hashFiles('package.json', 'pnpm-lock.yaml') != '' from the dependency-scan job
• Removed if: hashFiles('Dockerfile') != '' from the container-scan job

Root Cause

hashFiles() requires a checked-out workspace and is only valid within step-level contexts. Using it in a job-level if: triggers the parse error: Unrecognized function: 'hashFiles'.

Test plan

• Confirm security workflow runs pass (no "Invalid workflow file" error) after merge
• Verify dependency-scan and container-scan jobs execute as expected

[drips-wave]

Hey @Xaxxoo! 👋 It looks like this PR isn't linked to any issue.

If this PR is for one of the issues assigned to you as part of a Wave, please link it to ensure your contribution is tracked properly. You can do this by adding a keyword to the PR description (e.g., Closes #123), or by clicking a button below:

Issue	Title
#877	Add role-based field visibility enforcement at the serialization layer	Link to this issue
#875	Add API versioning enforcement middleware to reject requests to deprecated versions	Link to this issue
#858	Add feature flag state change audit log for compliance traceability	Link to this issue
#876	Add content reporting escalation workflow to ModerationModule	Link to this issue

ℹ️ Learn more about linking PRs to issues