philips-software / docker-ci-scripts

Docker CI scripts
MIT License
12 stars, 9 forks

Provide instructions how to replace docker-ci-scripts with official workflows. #187

Open JeroenKnoops opened 1 year ago

JeroenKnoops commented 1 year ago

The official docker build-push-action now also supports SBOM (with syft) and generating provenance (with SLSA).

https://github.com/docker/build-push-action#inputs

Provide an alternative for docker-ci-scripts in example / re-usable workflows so people can start using the official Docker GitHub Actions.

Rationale

SSSC is now integrated in docker/build-push-action

The value of docker-ci-scripts for having everything in one action is now reduced. Previous build pipelines were very long if you wanted to do proper Secure Software Supply Chain stuff like signing with Cosign, SBOM with Syft and provenance with SLSA.

Now creating the SBOM and provenance is done in docker/build-push-action, including installing the correct versions, so this will make the workflow a lot clearer.

Multiple tags

Having an easy way of generating multiple versions for a container, e.g. latest, v1, v1.1 and v1.1.8, can now be done with https://github.com/docker/metadata-action

JeroenKnoops commented 1 year ago

We might use https://github.com/charmbracelet/vhs-action to make it more appealing.

JeroenKnoops commented 1 year ago

As of Buildx release v0.10.0, SLSA / SBOM and signing are included by default. So the need for docker-ci-scripts is becoming less and less important.
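The replacement the issue asks for, as an added example that is not part of the docker-ci-scripts project or of this thread: docker/metadata-action produces the latest / v1 / v1.1 / v1.1.8 tags from one git tag, docker/build-push-action attaches the Syft SBOM and SLSA provenance attestations during the build (the Buildx 0.10 behaviour referred to in the last comment, here switched on explicitly so the intent is visible), and Cosign signs the pushed image by digest. Assumptions: the image is pushed to ghcr.io under the repository name, releases are git tags of the form vX.Y.Z, and signing is keyless via the GitHub OIDC token; the action version pins are illustrative.

```yaml
# Added example (not docker-ci-scripts project code). Assumes GHCR as registry,
# vX.Y.Z release tags and keyless Cosign signing via GitHub OIDC.
name: container

on:
  push:
    branches: [main]
    tags: ['v*']

permissions:
  contents: read
  packages: write   # push to ghcr.io
  id-token: write   # keyless Cosign signing via OIDC

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: docker/setup-buildx-action@v3

      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # One tag per granularity: git tag v1.1.8 -> v1.1.8, v1.1, v1,
      # plus "latest" only when building the default branch.
      - id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository }}
          tags: |
            type=semver,pattern=v{{version}}
            type=semver,pattern=v{{major}}.{{minor}}
            type=semver,pattern=v{{major}}
            type=raw,value=latest,enable={{is_default_branch}}

      # SBOM (Syft, run by BuildKit) and SLSA provenance are attached to the
      # pushed image as attestations by the build itself; nothing to install.
      - id: build
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          sbom: true
          provenance: mode=max

      - uses: sigstore/cosign-installer@v3

      # Sign by digest, not by tag: a tag can be re-pointed at a different
      # image later, a digest cannot, so the signature stays bound to what
      # was actually built.
      - name: Sign image
        env:
          DIGEST: ${{ steps.build.outputs.digest }}
          TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          echo "$TAGS" | xargs -I {} cosign sign --yes "{}@${DIGEST}"
```

With build-push-action v4 and later (Buildx 0.10+) provenance is already generated in its minimal mode without the `provenance` input; `sbom` is not on by default, so it has to be requested. Consumers can check the attestations with `docker buildx imagetools inspect <image> --format '{{json .Provenance}}'` and the signature with `cosign verify --certificate-oidc-issuer https://token.actions.githubusercontent.com --certificate-identity-regexp '<workflow URL pattern>' <image>@<digest>`, pinning the identity to the repository's own workflow rather than accepting any GitHub-issued certificate.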