ci: add GitHub Actions workflow to publish Docker images to GHCR

[wicky-zipstack]

What

• Add GitHub Actions workflow to build and publish Docker images to GitHub Container Registry (ghcr.io)
• Publishes ghcr.io/zipstack/visitran/backend and ghcr.io/zipstack/visitran/frontend

Why

• Users currently have to clone the repo and build images from source to run Visitran
• Pre-built Docker images allow users to get started with a simple docker pull
• GHCR is free for public images, has unlimited pulls, and integrates natively with GitHub — no separate Docker Hub account needed

How

• New workflow file: .github/workflows/docker-publish.yml
• Triggers: GitHub release (automatic) or manual dispatch (workflow_dispatch)
• Builds: Both backend and frontend images in parallel using a matrix strategy
• Tags: Semver tags (v1.0.0, v1.0) + latest on release; custom tag on manual dispatch
• Auth: Uses built-in GITHUB_TOKEN — no external secrets required
• Caching: GitHub Actions cache (type=gha) with per-image scoping for faster rebuilds
• Checkout ref: Explicitly checks out the release tag or dispatch input to ensure the correct commit is built
• Portability: Uses GITHUB_REPOSITORY for dynamic image prefix — works across forks and transfers
• Multi-platform: Builds for linux/amd64 and linux/arm64

Can this PR break any existing features. If yes, please list possible items. If no, please explain why. (PS: Admins do not merge the PR without this section filled)

• No. This is a new workflow file only. It does not modify any existing code, tests, Dockerfiles, or workflows. It only runs when explicitly triggered (release or manual dispatch).

Database Migrations

• None

Env Config

• GITHUB_TOKEN workflow permissions must be set to "Read and write" (already confirmed as enabled)

Relevant Docs

• GitHub Docs: Publishing Docker images
• Docker Build and Push Action

Related Issues or PRs

• Reference implementation: Zipstack/mfbt GHCR packages
• Follow-up: Update README with Docker pull commands and badge after first successful publish

Dependencies Versions

• actions/checkout@v4
• docker/setup-qemu-action@v3
• docker/setup-buildx-action@v3
• docker/login-action@v3
• docker/metadata-action@v5
• docker/build-push-action@v6

Notes on Testing

• After merge, trigger manually: Actions → "Build and Publish Docker Images to GHCR" → Run workflow → tag: latest
• Verify images at: https://github.com/orgs/Zipstack/packages?repo_name=visitran
• Test pull: docker pull ghcr.io/zipstack/visitran/backend:latest

Screenshots

N/A — CI workflow, no UI changes.

Checklist

• I have read and understood the Contribution Guidelines.
• Workflow permissions verified (Read and write enabled)
• No existing workflows modified
• Both backend and frontend images included