Use relative path for vulnerability_scan instead of self-reference SHA

Avoids the circular dependency where the self-reference SHA always
points to a commit before the current changes. Since the repo is
already checked out at $working_dir/uid2-shared-actions, we can
reference the action via a local path.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: BehnamMozafari

.github/workflows/shared-build-and-test.yaml

@@ -72,7 +72,7 @@ jobs:
           path: ${{ inputs.working_dir }}/target/site/jacoco/*
 
       - name: Vulnerability Scan
-        uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@83defcc6516d8965a7807af3152c0b83f0b755ff # v3
+        uses: ./${{ inputs.working_dir }}/uid2-shared-actions/actions/vulnerability_scan
         with:
           scan_severity: HIGH,CRITICAL
           failure_severity: ${{ inputs.vulnerability_severity }}