kubewarden / allow-privilege-escalation-psp-policy

A Kubewarden Pod Security Policy that controls usage of allowPrivilegeEscalation
https://kubewarden.io
Apache License 2.0

GH action: run e2e tests on PRs #41

Closed flavio closed 1 year ago

flavio commented 1 year ago

The policy now has e2e tests. We should run these tests on each PR.

viccuad commented 1 year ago

(I've monitored this since I was the one that merged https://github.com/kubewarden/allow-privilege-escalation-psp-policy/pull/40 without performing manual testing myself)

It seems that right now the problem is missing permissions for cosign, even if we only sign blobs that get uploaded to GHA artifacts, because of the reusable build policy workflow. The fix should be: https://github.com/kubewarden/verify-image-signatures/blob/bf2c7252ee8e0e768304a04633ac16412a9e4031/.github/workflows/release.yml#L24-L25

flavio commented 1 year ago

I've changed the code to install only kwctl. This time it should work, but then fail with the e2e errors you reported on the other issue

viccuad commented 1 year ago

It seems it's not enough. The reusable GHA policy-build-rust builds, signs via cosign, and uploads the signature artifacts to the workflow artifacts: https://github.com/kubewarden/github-actions/blob/v1/policy-build-rust/action.yaml#L51-L64

I'm ok with that signing. An option would be to add a new `sign` input var to that GHA policy-build-rust, defaulting to true, and we set it to false when using the workflow just for e2e tests.
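One way to implement the `sign` input discussed above, as an added example that is not the project's own code. The composite-action layout, the build command, the output file name and the artifact name are assumptions; only the action path `kubewarden/github-actions/policy-build-rust@v1` comes from the thread. The point of the switch is that keyless cosign signing needs the `id-token: write` permission on the calling workflow, so an e2e-only run that disables signing never has to grant that permission to a PR-triggered job.

```yaml
# Hypothetical composite action (assumed layout, not the real
# kubewarden/github-actions policy-build-rust action.yaml).
name: policy-build-rust (example)
description: Build a Kubewarden policy and optionally sign it with cosign
inputs:
  sign:
    description: Sign the built policy with cosign and upload the signature bundle
    required: false
    default: "true"        # release callers keep signing on by default
runs:
  using: composite
  steps:
    - name: Build policy
      shell: bash
      run: |
        # Assumed build step; the real action's build command may differ.
        cargo build --release --target wasm32-wasi
        cp target/wasm32-wasi/release/*.wasm policy.wasm

    # Composite-action inputs are always strings, so compare against 'true'.
    # Skipping this step is what lets a PR e2e job run without id-token: write.
    - name: Sign policy with cosign
      if: ${{ inputs.sign == 'true' }}
      shell: bash
      run: |
        cosign sign-blob --yes --bundle policy.bundle policy.wasm

    - name: Upload signature artifact
      if: ${{ inputs.sign == 'true' }}
      uses: actions/upload-artifact@v4
      with:
        name: policy-signature   # assumed artifact name
        path: policy.bundle

---
# Caller workflow for PR e2e runs (assumed job layout).
# Signing is disabled, so the job needs no id-token permission.
name: e2e (example)
on:
  pull_request:
permissions:
  contents: read
jobs:
  e2e:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: kubewarden/github-actions/policy-build-rust@v1
        with:
          sign: "false"   # e2e only: build, do not sign
      # e2e tests against the unsigned policy.wasm would follow here
```

Release workflows keep the default (`sign` unset, so `"true"`) and declare `id-token: write` themselves; the e2e workflow stays read-only. Gating both the signing step and the artifact upload on the same condition avoids uploading an empty or missing bundle when signing is off.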