Originally just wanted to add the standard opencontainer labels that
docker/metadata provide
but with "mr-smithers-excellent" seemed to only half implement docker
support, and a higher risk than docker for supply chain issues, so I
went all out and also added cosign to sign the images.
Docker metadata tags supports all the custom code to create version
tags, out of the box and fully maintained
Also dropped the manual workflow, just merged it into cd.yml since you
can select tags when you manual dispatch, and thats less to maintain
