NPA-6800: Update PR check in each repo to fail on High severity rather than critical

[davesmallnhs]

Pull Request

🧾 Ticket Link

https://nhsd-jira.digital.nhs.uk/browse/NPA-6800

---

📄 Description/Summary of Changes

• The validated-relationships-service-api repo has a different setup - it uses GitHub's built-in dependency-review-action rather than grype.
• Without fail-on-severity set, the dependency-review-action defaults to failing on any severity level — i.e. low and above. So it would already be blocking PRs, just on a wider net including Low and Medium vulnerabilities.

---

🧪 Developer Testing Carried Out

---

📋 PR Principles

• Keep PRs Small and Focused: Ensure the PR addresses a single task or feature to make it easier to review.
• Multiple PRs for one Ticket: When splitting work into multiple PRs, clearly describe what this PR addresses and outline the remaining work to complete the ticket.
• Ensure Tests Are Included: Add or update unit, integration, or end-to-end tests to cover the changes made.
• Follow Coding Standards: Ensure the code adheres to the team's coding guidelines and best practices.
• Resolve Comments Promptly: If you raise a comment, ensure you follow up and resolve it before approving the PR to maintain clarity and ensure comments are addressed.
• Foster Learning: PR reviews are an opportunity to share knowledge, provide constructive feedback, and encourage a collaborative environment.

🏷️ Naming Conventions Reminder

Please ensure the following naming conventions are followed:

• PR title follows the format: NPA-XXXX: <short-description>
• Branch name follows the convention: <type>/NPA-XXXX/<short-description>
• Commit messages follow the template: NPA-XXXX: <short-description>

[github-actions]

This branch is work on a ticket in the NHS Digital NPA JIRA Project. Here's a handy link to the ticket:

NPA-6800