chore: add workflow to build images #11232

Open
wants to merge 1 commit into
base: master

@HumairAK HumairAK commented Sep 20, 2024

Resolve: #11208

This commit adds a GitHub workflow that will build v2 images and push them to GHCR. It uses the GITHUB_TOKEN to authenticate and uses Docker provisioned GitHub actions to streamline the flow.

The workflow also creates attestations for the packages which can be used to verify provenance and integrity.

The workflow can be triggered manually or via another workflow call. The latter is to supplement future automation flows.

Here's a sample org imitating the Kubeflow org; this is what we would expect the GitHub packages to look like: [1]

This is what a workflow run looks like: [1]

Here's what the attestations look like: [1]

Here's a sample page for a given kfp component's packages: [1]

Here are the configurable options when triggering this workflow:

image

Here's an example of how you can verify attestation:

$ gh attestation verify oci://ghcr.io/example-test-organization/kfp-driver:2.3.0 -R example-test-organization/pipelines
Loaded digest sha256:fb1f8646fe170a37bed6a9c7c4cb767589c90fdd615b76b130e108744c3ef353 for oci://ghcr.io/example-test-organization/kfp-driver:2.3.0
Loaded 1 attestation from GitHub API
✓ Verification succeeded!

sha256:fb1f8646fe170a37bed6a9c7c4cb767589c90fdd615b76b130e108744c3ef353 was attested by:
REPO                                 PREDICATE_TYPE                  WORKFLOW                                            
example-test-organization/pipelines  https://slsa.dev/provenance/v1  .github/workflows/image-builds.yml@refs/heads/master

Here's an example of a failure:

$ gh attestation verify oci://ghcr.io/example-test-organization/kfp-driver:sha-e1ddfb9 -R example-test-organization/pipelines
Loaded digest sha256:e737db626f23f58ed52a9d2966eeeda1279a41b7dccef36aa6d36448ec40c484 for oci://ghcr.io/example-test-organization/kfp-driver:sha-e1ddfb9
✗ Loading attestations from GitHub API failed

Error: failed to fetch attestations from example-test-organization/pipelines: HTTP 404: Not Found (https://api.github.com/repos/example-test-organization/pipelines/attestations/sha256:e737db626f23f58ed52a9d2966eeeda1279a41b7dccef36aa6d36448ec40c484?per_page=30)

Checklist:

This commit adds a github workflow that will build v2 images and push
them to GHCR. It uses the GITHUB_TOKEN to authenticate and uses docker
provisioned github actions to streamline the flow. The workflow also
creates attestations for the packages which can be used to verify
provenance and integrity. The workflow can be triggered manually or via
another workflow call. The latter is to supplement future automation
flows.

Signed-off-by: Humair Khan <[email protected]>
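
A consumer-side policy check to run after `gh attestation verify` succeeds, added here as an example (it is not code from this PR or from the Kubeflow project): it confirms that a SLSA v1 provenance statement names the expected image digest and was produced by the expected workflow file and ref. The expected values come from the sample verification output in the PR description; the statement is a constructed sample, and `policy_violations` and `make_statement` are hypothetical names. It assumes the statement was taken from an attestation whose signature has already been verified.

```python
"""Policy check over an already signature-verified SLSA v1 provenance statement."""

# Expected values, taken from the sample `gh attestation verify` output on this page.
EXPECTED = {
    "digest": "fb1f8646fe170a37bed6a9c7c4cb767589c90fdd615b76b130e108744c3ef353",
    "repository": "https://github.com/example-test-organization/pipelines",
    "path": ".github/workflows/image-builds.yml",
    "ref": "refs/heads/master",
}
SLSA_V1 = "https://slsa.dev/provenance/v1"


def policy_violations(statement, expected=EXPECTED):
    """Return the reasons the statement fails policy (an empty list means pass)."""
    problems = []
    if statement.get("predicateType") != SLSA_V1:
        problems.append("unexpected predicateType")
    # The attestation must name the exact image digest being deployed, not a tag.
    digests = {s.get("digest", {}).get("sha256") for s in statement.get("subject", [])}
    if expected["digest"] not in digests:
        problems.append("image digest is not a subject of this attestation")
    # GitHub Actions provenance records the calling workflow under externalParameters.
    workflow = (statement.get("predicate", {}).get("buildDefinition", {})
                .get("externalParameters", {}).get("workflow", {}))
    for key in ("repository", "path", "ref"):
        if workflow.get(key) != expected[key]:
            problems.append(f"workflow {key} is {workflow.get(key)!r}, expected {expected[key]!r}")
    return problems


def make_statement(**workflow_overrides):
    """Build a constructed sample statement (not real attestation data)."""
    workflow = {k: EXPECTED[k] for k in ("repository", "path", "ref")}
    workflow.update(workflow_overrides)
    return {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": "ghcr.io/example-test-organization/kfp-driver",
                     "digest": {"sha256": EXPECTED["digest"]}}],
        "predicateType": SLSA_V1,
        "predicate": {"buildDefinition": {
            "buildType": "https://actions.github.io/buildtypes/workflow/v1",
            "externalParameters": {"workflow": workflow}}},
    }


if __name__ == "__main__":
    print(policy_violations(make_statement()))
    print(policy_violations(make_statement(ref="refs/heads/feature-x")))
```
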

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign hbelmiro for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment


Successfully merging this pull request may close these issues.

Move away from Google Container registry, and cloud build system for image builds