docs: clarify cve enable config semantics

Agent-Logs-Url: https://github.com/project-zot/zot/sessions/1ad9a48e-b34b-4cf5-8672-fcad1eec752f

Co-authored-by: rchincha <45800463+rchincha@users.noreply.github.com>

pkg/extensions/config/config.go

@@ -53,6 +53,8 @@ type SearchConfig struct {
 }
 
 type CVEConfig struct {
+	// Enable controls whether CVE scanning is active for search.
+	// If omitted, CVE scanning defaults to enabled when search is enabled.
 	Enable         *bool         `mapstructure:",omitempty" json:",omitempty"`
 	UpdateInterval time.Duration // should be 2 hours or more, if not specified default be kept as 2 hours
 	Trivy          *TrivyConfig