Consider scanning container images before deploying workers

Does cloud.gov already do this?