Fix release of policies

[viccuad]

After merging today's bot PRs, some of which included serde bumps, some policies are failing on the release job when running e2e tests.

Acceptance criteria

1. Investigate why the e2e tests fail for these policies
2. Make sure the release job is green for main
3. Potentially configure the policies' CI to run e2e tests on PRs, so we are made aware earlier in the process.

[viccuad]

Failing policies:

• https://github.com/kubewarden/psa-label-enforcer-policy/actions/runs/10560894997/job/29255418185
• https://github.com/kubewarden/verify-image-signatures/actions/runs/10560985945/job/29255737075
• https://github.com/kubewarden/persistentvolumeclaim-storageclass-policy/actions/runs/10561032788/job/29255895009

[viccuad]

Turns out that psa-label-enforcer-policy, persistentvolumeclaim-storageclass-policy where failing because of changes related to https://github.com/kubewarden/kubewarden-controller/issues/838 but were not discovered until release as we don't run e2e tests for Rust policies in CI.

Opened PRs to them and https://github.com/kubewarden/github-actions/pull/134 to fix that.

This leaves verify-image-signatures-policy, investigating it.

[viccuad]

Closing. verify-image-signatures fails with kwctl 1.15 onwards, when kwctl tries to fetch the fulcio certs from the TUF repo. This needs to be properly tracked in kwctl, and checked against sigstore-rs.