The output from grype has change in a slightly incompatible way between 0.7.0 and 0.16.0, so after some discussion, it makes sense to release a scan-action@v3 with this update and remove references from the documentation to the vulnerabilities.json as well as the grype-version, since changes in grype output could at any point break this action. Additionally, make sure the SARIF output is as correct as possible, as it's a standard and the only thing Github supports.

• fix SARIF url output
• fix SARIF fix version
• remove references to vulnerabilities.json
• remove grype-version
• fix release-drafter
• update to grype 0.17.0
• actually release v3