What are the security considerations when scanning Docker images and protecting Kubernetes workloads at runtime?