UID2-6764: Add SLSA build provenance attestations to docker publish workflows

[BehnamMozafari]

Summary

Adds SLSA build-provenance attestation to every non-snapshot image published by the shared docker workflows.

• New composite action actions/attest_image wraps the full attest+verify path: it lowercases the image ref once, calls actions/attest@v4.1.0 (pinned to 59d8942), and runs gh attestation verify against the just-pushed digest. Verify failure is hard on public repos; demoted to a warning on private repos (see "Private-repo verify caveat" below).
• Both shared-publish-java-to-docker-versioned.yaml and actions/shared_publish_to_docker/action.yaml now call attest_image@v3 instead of inlining the attest block.
• Publish jobs gain id-token: write and attestations: write.
• Attestation is skipped on snapshot builds via the existing not_snapshot guard.

Closes UID2-6764. Spike was UID2-5763.

Review-comment responses

#	Comment	Resolution
1	Real smoke test without the attest step skipped	Two evidence trails below — an in-repo unit-smoke and an end-to-end smoke through the full shared workflow chain on UnifiedID2/uid2-test-source.
2	Add gh attestation verify step	Built into attest_image. Public repos hard-fail on mismatch; private repos warn-only due to a known gh CLI limitation.
3	Case sensitivity of subject-name	actions/attest@v4 already auto-lowercases subject-name when push-to-registry: true (verified in src/main.ts → downcaseName: inputs.pushToRegistry, applied at src/subject.ts line 47). However gh attestation verify does not lowercase the OCI URI we pass it. attest_image lowercases once and reuses for both. (The first unit-smoke run caught a real case-sensitivity failure when ${{ github.repository }} evaluated to IABTechLab/... and docker push rejected it — proves the concern.)
4	Comment for NODE_OPTIONS	Added inline in attest_image/action.yaml.
5	Extract duplication into a composite action	Done — actions/attest_image/action.yaml.

Smoke test evidence

1. Unit smoke (composite action in isolation)

Run 25542801315 — attest_image against a throwaway alpine image built inline. External verify:

$ gh attestation verify \
    "oci://ghcr.io/iabtechlab/uid2-shared-actions/test-attest@sha256:e008cbdd1c67eee898020ad96d56ff0d42d762585ef4c1153479abaf5a4112bb" \
    --owner "IABTechLab"
✓ Verification succeeded!

- Attestation #1
  - Build repo:..... IABTechLab/uid2-shared-actions
  - Build workflow:. .github/workflows/test-attest-image.yaml@refs/heads/bmz-UID2-6764-artifact-attestation
  - Signer repo:.... IABTechLab/uid2-shared-actions
  - Signer workflow: .github/workflows/test-attest-image.yaml@refs/heads/bmz-UID2-6764-artifact-attestation

2. End-to-end smoke (full shared workflow chain)

Run 25643422322 on UnifiedID2/uid2-test-source (private), branch release-UID2-6764-smoke. Workflow conclusion: success. Exercised in order: shared_publish_setup → docker login → docker metadata → docker build (with load: true) → actions/vulnerability_scan@v3 → docker push (push: true) → actions/attest_image (lowercase → actions/attest@v4.1.0 → in-CI verify) → actions/shared_create_releases@v2 (draft release).

Attestation created for ghcr.io/unifiedid2/uid2-test-source/uid2-6764-smoke@sha256:05058e770dbfc2fe1c8c6a516e2a9b224cd668af5c52f13b87c44f17e2b69e4c, signed by GitHub's internal Sigstore instance, uploaded to both the GitHub attestations API and the OCI registry.

Private-repo verify caveat

The end-to-end smoke surfaced a real gh CLI limitation: for attestations signed by GitHub's internal Sigstore instance (the cert chain used for private repos), gh attestation verify fails with:

Error: verifying with issuer "GitHub, Inc."

Tried --no-public-good, --bundle-from-oci, and explicit --cert-oidc-issuer; same failure. The attestation itself is genuinely created and uploaded — both Attestation uploaded to repository and Attestation uploaded to registry log lines fire, and the bundle is fetchable.

To keep private consumers (UnifiedID2/uid2-snowflake, UnifiedID2/uid2-databricks) from hard-failing on every publish, attest_image demotes a verify failure to a ::warning:: when github.event.repository.private == true. Public repos (the four IABTechLab/* consumers) still hard-fail on a real verify mismatch, preserving Jon's review-#2 intent. External verifiers remain authoritative for both.

Test plan

• Snapshot smoke on IABTechLab/uid2-admin (Java path) — run 25421656856 — not_snapshot guard verified.
• Unit smoke of attest_image — run 25542801315 — sign + verify green.
• End-to-end smoke of the full non-Java shared workflow chain — run 25643422322 — green on a private repo with the verify-warning fallback exercised.
• Release-tag E2E on each public consumer's first real publish after v3 is promoted; verified digests recorded in UID2-6764.

Post-merge sequence

1. Merge this PR.
2. Run update-major-version-tags.yaml on main immediately after — the refactored workflows reference actions/attest_image@v3, and consumers triggering between merge and tag promotion would fail with "action not found".
3. Merge each of the 6 caller-repo follow-up PRs below.
4. On each public consumer's first real publish, capture the verified digest in UID2-6764.
5. Delete IABTechLab/uid2-admin:bmz-UID2-6764-test (the snapshot smoke pin branch).

Caller-repo follow-up — already opened (one PR each, all open)

Repo	PR
IABTechLab/uid2-operator	#2531
IABTechLab/uid2-core	#403
IABTechLab/uid2-admin	#632
IABTechLab/uid2-optout	#402
UnifiedID2/uid2-snowflake	#299
UnifiedID2/uid2-databricks	#132

Each grants id-token: write + attestations: write (plus the implicit defaults the publish job already relied on). They're additive and harmless until this PR merges and v3 is promoted.

SDK images are explicitly out of scope; follow-up ticket to be filed separately.

[jon8787]

Can we do a real smoke test without "Attest build provenance" step being skipped?
e.g. using uid2-test-source or similar?