Make identifiable temporary bundle image tags

[carolynvs]

What does this change

When we publish a bundle, we have to push the invocation image temporarily to a tag, so that we can then retrieve its repository digest. Right now the tag is the hash of the bundle reference, which is impossible for someone maintaining a registry to identify and clean up.

This changes the format of the temporary invocation image tag to:

porter-HASH

For example:

The input text for the invocation image hash is the location of the bundle:

ghcr.io/getporter/examples/porter-hello:v0.2.0

which results in a md5 hash of 3cb284ae76addb8d56b52bb7d6838351, so the resulting temporary location where we push the invocation image is:

ghcr.io/getporter/examples/porter-hello:porter-3cb284ae76addb8d56b52bb7d6838351

I have updated all our code to use the same function to generate the temporary tag, even for referenced images which previously used a different method of computing the hash when publishing from an archive. Referenced images now compute the hash based on the original location of the image.

So if a bundle referenced nginx:v1.0.0 and is used in a bundle located at example.com/mybuns, the temporary location for nginx would be:

example.com/mybuns:porter-55135915b5d3b5cf91b7305ec6a76d6e

where the hash uses the location of the original image (nginx:v1.0.0)

What issue does it fix

Closes #2319

Notes for the reviewer

N/A

Checklist

• Did you write tests?
• Did you write documentation?
• Did you change porter.yaml or a storage document record? Update the corresponding schema file.
• If this is your first pull request, please add your name to the bottom of our Contributors list. Thank you for making Porter better! 🙇‍♀️

Reviewer Checklist

• Comment with /azp run test-porter-release if a magefile or build script was modified
• Comment with /azp run porter-integration if it's a non-trivial PR