[1.8.4] Add docker-buildx SLSA provenance attestations manifests support

[STARRY-S]

Describe

Related docs:

• Build attestations: https://docs.docker.com/build/attestations/
• Provenance attestations: https://docs.docker.com/build/attestations/slsa-provenance/

The container image built by docker buildx buildkit contains SLSA provenance in manifest list:

{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.index.v1+json",
  "manifests": [
    {
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:d618c72f5d6d4f658dea0ca8765c6ffa6e4f33dc945f28949ff3df3017268dac",
      "size": 1244,
      "platform": {
        "architecture": "amd64",
        "os": "linux"
      }
    },
    {
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:dea55ff6f2cec1af70783be2a12efd1c346cf6447ccfb0ddf4b0da90c3140abd",
      "size": 566,
      "annotations": {
        "vnd.docker.reference.digest": "sha256:d618c72f5d6d4f658dea0ca8765c6ffa6e4f33dc945f28949ff3df3017268dac",
        "vnd.docker.reference.type": "attestation-manifest"
      },
      "platform": {
        "architecture": "unknown",
        "os": "unknown"
      }
    }
  ]
}

Add feature to allow hangar to mirror/save/load the attestation-manifests.

[STARRY-S]

After v1.8.4, the manifest index mediaType created by Hangar will change from application/vnd.docker.distribution.manifest.list.v2+json to application/vnd.oci.image.index.v1+json to support OCI image index annotations.