gha: Add image build check for s390x

[BbolroC]

Issue #568 highlights the need for an image build check for s390x, similar to what we have for x86_64. This PR addresses the need by:

• Extracting the image build steps from the push-{kbs,as}-image-to-ghcr workflow into separate workflows
• Configuring these workflows to run on PR events or after merging a PR

Notable change:

• On merge, the workflow now pushes ghcr.io/confidential-containers/staged-images/rhel-ubi

The changes on PR events have been verified with:

• KBS: https://github.com/BbolroC/trustee/actions/runs/11840113329
• AS: https://github.com/BbolroC/trustee/actions/runs/11839493749

The changes on merge needs to be verified after merging this PR. I will keep an eye on how it goes and bring things up immediately when something goes wrong. Thanks.

Signed-off-by: Hyounggyu Choi Hyounggyu.Choi@ibm.com

[BbolroC]

It seems that two workflows (e.g., one triggered on merge and another on PR events) are being executed when the PR is merged. This results in a duplicate image build step, similar to what we observed in the guest-components repository.

I will create a follow-up PR similar to the following to deduplicate the image build process:

• https://github.com/confidential-containers/guest-components/pull/644
• https://github.com/confidential-containers/guest-components/pull/648

Thanks.

---

This behaviour is not something this PR has introduced. The docker build check workflow has been called on merge together with the build-and-push workflow like: https://github.com/confidential-containers/trustee/actions/runs/11854184038/job/33035819254