ci: enhance Docker workflow and introduce sbom support

- Add build arguments, `VERSION` set to `latest` and `RELEASE` set to GitHub run number, in docker_publish_latest.yml workflow
- Cache to registry instead of GitHub Actions to avoid the capacity limit
- Enable Software Bill of Materials (sbom) and provenance during the Docker image build process

Signed-off-by: 陳鈞 <[email protected]>

Author: jim60105

.github/workflows/docker_publish_latest.yml

@@ -43,4 +43,12 @@ jobs:
           target: final
           tags: ${{ steps.setup.outputs.tags }}
           labels: ${{ steps.setup.outputs.labels }}
+          build-args: |
+            VERSION=latest
+            RELEASE=${{ github.run_number }}
           platforms: linux/amd64,linux/arm64
+          # Cache to regietry instead of gha to avoid the capacity limit.
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/yt-dlp:cache
+          cache-to: type=registry,ref=ghcr.io/${{ github.repository_owner }}/yt-dlp:cache,mode=max
+          sbom: true
+          provenance: true