docs: add docs for image signing

[KrisF-Midnight]

Overview

Add documentation for the container image signing and SBOM/vulnerability scanning infrastructure implemented in PR #562 (SRE-1741). This fulfills the documentation requirements from JIRA ticket SRE-1744.

New documentation created:

• docs/security/image-signing.md - Overview of signing architecture, keyless OIDC flow, SBOM generation, and vulnerability scanning
• docs/security/verification-guide.md - Step-by-step commands for verifying signatures and SBOMs, including Kubernetes admission controller examples
• docs/security/signing-runbook.md - Operational procedures, troubleshooting guides, CVE management, and emergency procedures
• docs/operations/release-checklist.md - Pre/post-release verification steps including security gates

Updated:

• README.md - Added links to the new security and operations documentation

🗹 TODO before merging

• Ready

📌 Submission Checklist

• Changes are backward-compatible (or flagged if breaking)
• Pull request description explains why the change is needed
• Self-reviewed the diff
• I have included a change file, or skipped for this reason: Documentation-only changes, no product impact
• If the changes introduce a new feature, I have bumped the node minor version
• Update documentation (if relevant)
• Updated AGENTS.md if build commands, architecture, or workflows changed - N/A, no changes to builds/architecture/workflows
• No new todos introduced

🧪 Testing Evidence

Please describe any additional testing aside from CI:

• Verified all internal links between documentation files are consistent

• Verified verification commands match the implementation in .github/scripts/sbom-scan.sh and .github/workflows/sbom-scan-image.yml

• Documentation references correct image registries (ghcr.io/midnightntwrk/*, midnightntwrk/*)

• Additional tests are provided (if possible) - N/A for documentation

🔱 Fork Strategy

• Node Runtime Update
• Node Client Update
• Other:
• N/A

Links

JIRA: SRE-1744
Related: #562 (SRE-1741 implementation PR)

[github-actions]

KICS version: v2.1.16

Category Results CRITICAL 0 HIGH 0 MEDIUM 96 LOW 12 INFO 83 TRACE 0 TOTAL 191	Metric Values Files scanned 31 Files parsed 31 Files failed to scan 0 Total executed queries 73 Queries failed to execute 0 Execution time 9

[gilescope]

For the release checklist please add in additional steps here:

https://github.com/midnightntwrk/midnight-node/blob/main/.github/ISSUE_TEMPLATE/node-release-checklist.md

(The other pages look good)

[CLAassistant]

All committers have signed the CLA.

[KrisF-Midnight]

For the release checklist please add in additional steps here:

https://github.com/midnightntwrk/midnight-node/blob/main/.github/ISSUE_TEMPLATE/node-release-checklist.md

(The other pages look good)

I've made the change. Can you please review.