docs: add Dockerfile auto-discovery workflow pattern (#25)

Add documentation for automatically discovering Dockerfiles in repos
with multiple Dockerfile locations. Uses a two-job workflow pattern
where the first job finds Dockerfiles matching common patterns
(Dockerfile, Dockerfile.*, *.dockerfile) while excluding test fixtures
and build artifacts, then passes discovered paths to the scan job.

This approach was chosen over building discovery into Socket Basics
itself for better portability and per-repo customization.

Author: dc-larsen

docs/github-action.md

@@ -8,6 +8,7 @@ Complete guide to integrating Socket Basics into your GitHub Actions workflows f
 - [Basic Configuration](#basic-configuration)
 - [Enterprise Features](#enterprise-features)
 - [Advanced Workflows](#advanced-workflows)
+  - [Dockerfile Auto-Discovery](#dockerfile-auto-discovery)
 - [Configuration Reference](#configuration-reference)
 - [Troubleshooting](#troubleshooting)
 
@@ -385,6 +386,88 @@ jobs:
           trivy_vuln_enabled: 'true'
 ```
 
+### Dockerfile Auto-Discovery
+
+For repositories with multiple Dockerfiles across different directories, you can automatically discover them instead of manually listing each path.
+
+```yaml
+name: Security Scan with Dockerfile Auto-Discovery
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+  push:
+    branches: [main]
+
+jobs:
+  discover-dockerfiles:
+    runs-on: ubuntu-latest
+    outputs:
+      dockerfiles: ${{ steps.discover.outputs.dockerfiles }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Discover Dockerfiles
+        id: discover
+        run: |
+          DOCKERFILES=$(find . -type d \( \
+            -name node_modules -o -name vendor -o -name .git -o \
+            -name test -o -name tests -o -name testing -o -name __tests__ -o \
+            -name fixture -o -name fixtures -o -name testdata -o \
+            -name example -o -name examples -o -name sample -o -name samples -o \
+            -name dist -o -name build -o -name out -o -name target -o \
+            -name venv -o -name .venv -o -name .cache \
+            \) -prune -o \
+            -type f \( -name 'Dockerfile' -o -name 'Dockerfile.*' -o -name '*.dockerfile' \) \
+            -print | sed 's|^./||' | paste -sd ',' -)
+
+          echo "Discovered Dockerfiles: $DOCKERFILES"
+          echo "dockerfiles=$DOCKERFILES" >> $GITHUB_OUTPUT
+
+  security-scan:
+    needs: discover-dockerfiles
+    if: needs.discover-dockerfiles.outputs.dockerfiles != ''
+    permissions:
+      issues: write
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Run Socket Basics
+        uses: SocketDev/socket-basics@1.0.26
+        env:
+          GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          dockerfiles: ${{ needs.discover-dockerfiles.outputs.dockerfiles }}
+          trivy_vuln_enabled: 'true'
+```
+
+**How it works:**
+
+1. **Discovery job** uses `find` to locate Dockerfiles matching common patterns:
+   - `Dockerfile` (exact match)
+   - `Dockerfile.*` (e.g., `Dockerfile.prod`, `Dockerfile.dev`)
+   - `*.dockerfile` (e.g., `backend.dockerfile`)
+
+2. **Excluded directories** prevent scanning test fixtures and build artifacts:
+   - Package managers: `node_modules`, `vendor`, `venv`
+   - Test directories: `test`, `tests`, `__tests__`, `fixtures`
+   - Build outputs: `dist`, `build`, `out`, `target`
+
+3. **Scan job** receives discovered paths via job output and skips if none found
+
+**Customizing discovery patterns:**
+
+```yaml
+# Only scan production Dockerfiles
+-type f -name 'Dockerfile.prod' -print
+
+# Add custom exclusions
+-name custom_test_dir -o -name legacy -o \
+```
+
 ### Custom Rule Configuration
 
 ```yaml