Merge branch 'fix/sbom-bad-digest' into 'master'

fix(sign): support sbom attestation with parallel matrix

Closes #138

See merge request to-be-continuous/docker!164