Add OCI image annotations

These annotations are useful for tools (such as Renovate and Snyk) to use as well as for manual use by individuals.

See: https://github.com/opencontainers/image-spec/blob/v1.1.0/annotations.md#pre-defined-annotation-keys

.github/workflows/release.yaml

@@ -28,6 +28,8 @@ jobs:
           for tag in ${tags[@]}; do
               oras push ghcr.io/aquasecurity/trivy-policies:${tag} \
               --config /dev/null:application/vnd.cncf.openpolicyagent.config.v1+json \
+              --annotation "org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \
+              --annotation "org.opencontainers.image.revision=$GITHUB_SHA" \
               bundle.tar.gz:application/vnd.cncf.openpolicyagent.layer.v1.tar+gzip
           done
       - name: Deploy checks bundle to ghcr.io