build/bake: pin workflow tool images by digest#217
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
tonistiigi
left a comment
Do we need this? These tools should already be validated by their signature, and the verified tag match in that signature. This tag matching should definitely remain in place as it is better than digest for the case of a human accepting the PR as it is hard for a human to understand if a digest is secure because they all look alike.
Good point. I opened this as a direct response to the concern that pinning the reusable workflow doesn't automatically pin the tool images it uses. But you're right, digest pinning is not the right tradeoff. The better control is the one we already have, which is verifying the image signature and preserving the verified tag match.
follow-up #216 (review)
This pins the BuildKit, SBOM scanner, and binfmt container images used by the reusable workflows to immutable image digests.
The build and bake workflows now use `tag@sha256` image references for the tool images. The dependency update workflow now resolves image digests through `docker buildx imagetools inspect --format '{{json .Manifest}}'` and keeps generated dependency PR text readable by showing tag values without digests.

Pinning the reusable workflow alone does not freeze the underlying tool images when those images are referenced only by tag. This change makes the workflow tool image inputs immutable while preserving the existing automated update flow.
cc @stefanprodan
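The description above outlines the mechanics: resolve a tag to its digest with `docker buildx imagetools inspect --format '{{json .Manifest}}'`, write `tag@sha256:...` references into the workflow, and render only the tag in the generated PR text. The following is an added example (not the workflow code from this PR or its project) that implements those three steps in plain Python. The inspect output embedded below is a constructed sample; only its `digest` field is relied on, and the other descriptor fields are an assumption about the output shape. The image name and tag values are likewise made up. Keeping the tag alongside the digest is the point the reviewer raises: a reviewer can read the tag, and a signature check can still match it.

```python
"""Resolve image tags to digests, pin them as tag@digest, and keep PR text readable.

Added example, not the project's workflow code. SAMPLE_MANIFEST_JSON is a constructed
stand-in for the output of `docker buildx imagetools inspect <ref> --format '{{json .Manifest}}'`.
"""
import json
import re
import subprocess

SHA256_RE = re.compile(r"^sha256:[0-9a-f]{64}$")

# Constructed sample descriptor; the digest value is made up and the surrounding
# fields (mediaType, size) are an assumption about the real descriptor shape.
SAMPLE_MANIFEST_JSON = json.dumps({
    "mediaType": "application/vnd.oci.image.index.v1+json",
    "digest": "sha256:" + "ab12" * 16,
    "size": 1234,
})


def split_ref(ref: str):
    """Split 'name[:tag][@digest]' into (name, tag, digest); missing parts are None.

    A ':' only counts as the tag separator when it comes after the last '/',
    so a registry port such as 'localhost:5000/img' is not mistaken for a tag.
    """
    name_tag, _, digest = ref.partition("@")
    slash = name_tag.rfind("/")
    colon = name_tag.rfind(":")
    if colon > slash:
        return name_tag[:colon], name_tag[colon + 1:], digest or None
    return name_tag, None, digest or None


def digest_from_manifest(manifest_json: str) -> str:
    """Extract and validate the digest from the inspect output."""
    digest = json.loads(manifest_json).get("digest", "")
    if not SHA256_RE.match(digest):
        raise ValueError(f"unexpected digest in manifest output: {digest!r}")
    return digest


def resolve_digest(ref: str) -> str:
    """Run the same command the dependency update workflow uses (needs Docker; not exercised here)."""
    out = subprocess.run(
        ["docker", "buildx", "imagetools", "inspect", ref, "--format", "{{json .Manifest}}"],
        check=True, capture_output=True, text=True,
    ).stdout
    return digest_from_manifest(out)


def pin(ref: str, digest: str) -> str:
    """Turn 'name:tag' into 'name:tag@sha256:...', keeping the tag for human review."""
    name, tag, _ = split_ref(ref)
    if not tag:
        raise ValueError(f"refusing to pin an untagged reference: {ref!r}")
    if not SHA256_RE.match(digest):
        raise ValueError(f"not a sha256 digest: {digest!r}")
    return f"{name}:{tag}@{digest}"


def is_pinned(ref: str) -> bool:
    """True only for tag@digest form: a digest alone drops the tag a reviewer can read."""
    _, tag, digest = split_ref(ref)
    return bool(tag) and digest is not None and bool(SHA256_RE.match(digest))


def display_tag(ref: str) -> str:
    """Reference without the digest, as shown in generated PR text."""
    name, tag, _ = split_ref(ref)
    return f"{name}:{tag}" if tag else name


def describe_update(old_ref: str, new_ref: str) -> str:
    """One-line PR summary that shows tag values, not digests."""
    old_name, old_tag, _ = split_ref(old_ref)
    new_name, new_tag, _ = split_ref(new_ref)
    if old_name != new_name:
        raise ValueError(f"image name changed: {old_name!r} -> {new_name!r}")
    return f"{new_name}: {old_tag} -> {new_tag}"


if __name__ == "__main__":
    digest = digest_from_manifest(SAMPLE_MANIFEST_JSON)
    pinned = pin("ghcr.io/example/buildkit:v1.2.3", digest)  # constructed reference
    print(pinned)
    print(display_tag(pinned), is_pinned(pinned))
```

`resolve_digest` is the only function that touches Docker; everything else works on strings, so the pin/display logic can be unit-tested in CI without registry access.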