fix: address frontend validation, accessibility, Docker config, and CI scanning issues

[lishmanTech]

Summary

This PR improves frontend configuration, CI security scanning, accessibility, and form validation across the RemitLend application.
Changes

Infrastructure

• Configured the frontend Docker build to accept all required NEXT_PUBLIC_* build-time variables using ARG and ENV.
• Updated the staging deployment workflow to pass frontend build arguments during image builds.
• Removed misleading runtime-only NEXT_PUBLIC_* variables from the staging Docker Compose configuration.
• Documented required frontend build-time environment variables.

CI/CD

• Added Trivy vulnerability scanning for the frontend container image.
• Added HIGH severity warning scans for the frontend image.
• Added CRITICAL severity fail-gate scans for the frontend image.
• Uploaded frontend SARIF reports to GitHub Security for visibility alongside backend scan results.

Frontend

• Added validation to prevent enabling SMS notifications without providing a phone number.
• Added basic phone number format validation before saving notification preferences.
• Displayed field-level validation errors for invalid phone numbers.

Accessibility

• Associated the remittance recipient validation error with the corresponding input using the existing Input component error API.
• Removed the detached error message so assistive technologies correctly announce validation errors.

Testing

• Verified frontend Docker image builds successfully with build-time NEXT_PUBLIC_* variables.
• Verified frontend Trivy scans run during the CI workflow.
• Verified CI fails on CRITICAL frontend vulnerabilities.
• Verified SMS notification preferences cannot be saved when the phone number is missing or invalid.
• Verified valid phone numbers allow preferences to be saved.
• Verified recipient address validation is announced correctly and associated with the input field.

Closes #1111
Closes #1112
Closes #1113
Closes #1114