ci(release): hardcode KO_DOCKER_REPO + publish chart as OCI artifact#339

Merged
trilamsr merged 3 commits into
mainfrom
ci/release-ko-repo-and-oci-chart
Jun 1, 2026
Conversation

@trilamsr trilamsr commented Jun 1, 2026

Contributor

Summary

Two rc1-prep issues that both touch .github/workflows/release.yml.

#316 — Hardcode KO_DOCKER_REPO at the step level

SLSA L3 §parameterless-build requires that the build invocation cannot
be influenced by operator-supplied parameters. Previously
KO_DOCKER_REPO lived on the ko-publish job's env: block, which
SLSA's verifier treats as a job-level input that could be overridden.
Moved onto the single step that actually invokes ko build. Nothing
higher in the workflow can redirect the image push target without
editing this file.

Acceptance check: grep KO_DOCKER_REPO .github/workflows/release.yml
returns only the one step-scoped assignment (line 493) — all other
matches are comments.

#317 — Publish chart as OCI artifact + cosign keyless sign

Air-gapped operators previously had to git clone to get the chart.
Added a chart-publish job that runs on every release tag:

  • helm package install/kubernetes/tracecore
  • helm push oci://ghcr.io/tracecoreai/charts (resolves to
    oci://ghcr.io/tracecoreai/charts/tracecore:<chart-version>)
  • cosign sign --yes by digest, keyless, under the same workflow
    identity regex as the binary archives and container image — so one
    cosign verify invocation covers every artifact the workflow
    produces
  • cosign verify smoke check before the job exits
  • mirror the .tgz onto the GitHub Release for UI-discovery

The pushed chart version is Chart.yaml.version (NOT the release tag)
— the chart is independently versioned from the binary per RFC-0013
§chart-versioning, and scripts/chart-appversion-check.sh already
asserts Chart.appVersion ↔ binary version lockstep at release-prep
time.

Job permissions: contents: write (GitHub Release upload),
id-token: write (OIDC for keyless cosign), packages: write
(ghcr.io push). Helm registry login uses GITHUB_TOKEN against
ghcr.io; cosign uses the workflow's OIDC token against Fulcio.

Chart README now documents the helm install oci://... path.
docs/RELEASE-CHECKLIST.md adds a tag-cut verification step that
pulls the chart on a fresh host and verifies the cosign signature.

Test plan

  • actionlint .github/workflows/*.yml clean
  • python3 -c "import yaml; yaml.safe_load(...)" clean for release.yml
  • grep KO_DOCKER_REPO .github/workflows/release.yml shows only
    one step-scoped assignment ([rc1-prep] Hardcode KO_DOCKER_REPO step-level for parameterless build #316 acceptance)
  • Chart README still has every required H2 the chart.yml
    workflow asserts (Install, Upgrade, Uninstall, Values reference,
    Troubleshooting)
  • First post-merge release tag verifies the full chain:
    • helm pull oci://ghcr.io/tracecoreai/charts/tracecore --version <chart-version>
      on a fresh host (no prior helm registry login)
    • cosign verify oci://ghcr.io/tracecoreai/charts/tracecore:<chart-version>
      with the workflow identity regex
    • grep KO_DOCKER_REPO .github/workflows/release.yml | grep -v '#'
      returns exactly one line, scoped to the ko build + push step

Notes

  • helm push parses Digest: sha256:... from stdout (Helm 3.16 has
    no --output json); falls back to a hard error if the digest line
    is missing, so a silent regression on a future Helm upgrade fails
    loudly rather than skipping the cosign signing step.
  • The setup-ko action's auto-login behavior was verified against
    the pinned commit (d006021bd0): when KO_DOCKER_REPO is unset at
    setup-ko execution time, the action runs ko login ghcr.io itself
    using GITHUB_TOKEN and writes a derived value to $GITHUB_ENV.
    Setting KO_DOCKER_REPO at step-level later still wins (step env >
    job env), so the SLSA-correct path is preserved.

Closes #316, #317.
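The digest-extraction step described in the Notes above, as an added example written for this page (it is not the PR's workflow code): take the last `Digest:` line from `helm push` stdout (helm may retry), refuse to continue when no well-formed digest is present, and build the by-digest reference that `cosign sign` would receive. The helm output and digests are constructed; `demo` and the helper names are assumptions.

```shell
#!/usr/bin/env sh
# Added example, not code from the PR. Sample helm output below is constructed.

# extract_digest: read `helm push` output on stdin and print "sha256:<hex>" of
# the LAST Digest: line (helm may retry and print more than one). Returns 1 if
# no well-formed digest line exists, so a future Helm output change fails the
# job loudly instead of silently skipping the signing step.
extract_digest() {
  digest=$(grep -E '^Digest: sha256:[0-9a-f]{64}$' | tail -1 | cut -d' ' -f2)
  if [ -z "$digest" ]; then
    echo "ERROR: no 'Digest: sha256:...' line in helm push output; refusing to sign" >&2
    return 1
  fi
  printf '%s\n' "$digest"
}

# sign_ref: build the immutable <repo>@<digest> reference for cosign from the
# chart's OCI repo and the extracted digest. cosign takes a plain registry
# reference (no oci:// scheme); signing by digest pins the signature to the
# exact bytes that were pushed rather than to a mutable tag.
sign_ref() {
  repo=$1
  digest=$2
  printf '%s@%s\n' "${repo#oci://}" "$digest"
}

# Constructed sample: first push attempt retried, second attempt succeeded.
SAMPLE_OUTPUT='Pushed: ghcr.io/tracecoreai/charts/tracecore:0.1.0
Digest: sha256:cafef00dcafef00dcafef00dcafef00dcafef00dcafef00dcafef00dcafef00d
Pushed: ghcr.io/tracecoreai/charts/tracecore:0.1.0
Digest: sha256:deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef'

# demo: run the pipeline end to end on the sample and print the cosign target.
demo() {
  digest=$(printf '%s\n' "$SAMPLE_OUTPUT" | extract_digest) || return 1
  sign_ref oci://ghcr.io/tracecoreai/charts/tracecore "$digest"
}
```

The `tail -1` binds the signature to the final successful push, matching the reviewer nit addressed later in the thread.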

Tri Lam added 3 commits June 1, 2026 01:27

SLSA L3 §parameterless-build requires that the build invocation cannot
be influenced by operator-supplied parameters. Moving KO_DOCKER_REPO
from the ko-publish job env onto the single step that calls `ko build`
removes the env-line attack surface — nothing higher in the workflow
can now redirect the image push target without editing this file.

Closes #316.

Add a chart-publish job that runs on every release tag:

  - helm package install/kubernetes/tracecore
  - helm push oci://ghcr.io/tracecoreai/charts (resolves to .../tracecore)
  - cosign sign --yes by digest (keyless; same workflow-identity
    binding as the binary archives and container image)
  - cosign verify smoke check before the job exits
  - mirror the .tgz onto the GitHub Release for UI-discovery

Operators on air-gapped clusters can now `helm pull oci://...` without
cloning the repo; chart and binary share one cosign identity regex.

Chart README: documents the OCI install path.
RELEASE-CHECKLIST: adds a tag-cut verification step pulling the chart
on a fresh host and verifying the cosign signature.

Closes #317.
Signed-off-by: Tri Lam <tri@maydow.com>
trilamsr commented Jun 1, 2026

Contributor Author

Addressed reviewer nit: digest extraction now pipes through tail -1 to bind cosign to the final successful push line when helm retries. cosign verify was already positioned between sign and Release upload — no move needed.

@trilamsr trilamsr merged commit af031d3 into main Jun 1, 2026
17 checks passed
@trilamsr trilamsr deleted the ci/release-ko-repo-and-oci-chart branch June 1, 2026 08:55
trilamsr added a commit that referenced this pull request Jun 1, 2026

## Summary

- Cross-cut audit of 27 PRs merged this session (#339-#374) per repo
memory `feedback_review_discipline` (cross-cut at wave-end) +
`feedback_pr_review_simplicity` (bias deletion).
- 15 findings tabulated in `docs/v1-rc1-post-wave-audit.md` with
severity + proposed fix.
- 9 follow-up issues filed: #375-#383 (labeled `post-wave-audit`).

## Headline finding

**#377** (k8s pod/ns/node attribute scope helper) is the single largest
deletion opportunity in the wave — 82 sites x ~4 lines of duplicated
`resAttrs.Get -> attrs.Get` fallback ladder, replaceable by a ~10-line
helper. ~80 LOC net delete with zero behavior change.

## Bundled refactor opportunity (named loudly for dispatch)

Issues **#377 + #378 + #375 + #376** land as one refactor PR drop ~400
LOC across `module/processor/patterndetectorprocessor/` with zero
behavior change. Suggested title: `refactor(patterndetector): hoist k8s
scope helper + relocate per-pattern projectors`.

## Findings by severity

| Severity | Count | Issues |
|---|---|---|
| high | 1 | #377 |
| medium | 4 | #375, #376, #379, #382 |
| low | 5 | #378, #380, #381, #383, (#9 historical) |
| none | 5 | clean |

## Test plan

- [x] `make lint` (golangci-lint, vet, mod verify) ran via pre-commit
hook; 0 issues.
- [x] attribute-namespace-check: 100 attributes, 100 documented.
- [x] no-autoupdate-check: all assertions passed.
- [x] hit-line-format-stable: ok.
- [ ] Reviewer: confirm the 9 filed issues (#375-#383) cover the
dispatchable findings; flag any that should be closed as out-of-scope.

Signed-off-by: Tri Lam <tri@maydow.com>
Co-authored-by: Tri Lam <tri@maydow.com>
Development

Successfully merging this pull request may close these issues.

[rc1-prep] Hardcode KO_DOCKER_REPO step-level for parameterless build

1 participant