There's a merged pull request on the void-packages repository

New packages: grype and syft
https://github.com/void-linux/void-packages/pull/40264

Description:
<!-- Uncomment relevant sections and delete options which are not applicable -->

Follow-up on https://github.com/void-linux/void-packages/pull/34511.

I had lost interest in it, but the yet to be published OpenSSL vulnerability means that I had to scan all my container images for installed OpenSSL versions. `syft` handles that job very well.


#### Testing the changes
- I tested the changes in this PR: **YES**

#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**

<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - aarch64-musl
  - armv7l
  - armv6l-musl
-->