feat: enable sbom, provenance and cosign (#4)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **New Features**
	- Added the ability to sign Docker container images using Cosign.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Author: insider89

.github/workflows/branch.yml

@@ -43,6 +43,9 @@ jobs:
         with:
           fetch-depth: 2
 
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@v3
+
       - name: Install Node.js
         uses: actions/setup-node@v4
         with:
@@ -114,3 +117,7 @@ jobs:
       - name: Build Docker container
         run: |
           pnpm run docker
+
+      - name: Cosign Docker container
+        run: |
+          pnpm run cosign

package.json

@@ -13,7 +13,8 @@
     "write-translations": "docusaurus write-translations",
     "write-heading-ids": "docusaurus write-heading-ids",
     "typecheck": "tsc",
-    "docker": "bash -c \"docker buildx build . --platform=linux/amd64,linux/arm64 -t ghcr.io/settlemint/btp-docs:${VERSION:-7.0.0-dev.$(date +%s)} --push --progress=plain\""
+    "docker": "bash -c \"docker buildx build . --provenance true --sbom true --platform=linux/amd64,linux/arm64 -t ghcr.io/settlemint/btp-docs:${VERSION:-7.0.0-dev.$(date +%s)} --push --progress=plain\"",
+    "cosign": "cosign sign --yes ghcr.io/settlemint/btp-docs:${VERSION:-7.0.0-dev.$(date +%s)}"
   },
   "dependencies": {
     "@cmfcmf/docusaurus-search-local": "1.1.0",