[CI] Fix supply-chain workflows (SLSA/SBOM/Syft permissions)

[JasonEran]

Epic: #14

Goal

Make supply-chain workflow pass reliably.

Acceptance Criteria

• SLSA generator permissions fixed.
• SBOM generation succeeds.
• No deprecated actions.

[JasonEran]

Final Evidence

Delivered via PR #50:

• [v2.3][CI] Stabilize supply-chain triggers + action versions #50

Merged commit:

• 52b6597

Acceptance Mapping

• SLSA generator permissions path preserved and proven by successful runs.
• SBOM generation succeeds with refreshed action stack:
  • docker/build-push-action@v6
  • anchore/sbom-action@v0.22.2
  • sigstore/cosign-installer@v4
• No deprecated action references in supply-chain.yml.

Workflow Evidence (manual dispatch on feature/v2.3)

• Supply Chain run: https://github.com/JasonEran/Aether-Guard/actions/runs/22387405901 (success)
• SLSA Source Provenance run: https://github.com/JasonEran/Aether-Guard/actions/runs/22387406761 (success)
• Example SBOM step success (build-core job): https://github.com/JasonEran/Aether-Guard/actions/runs/22387405901/job/64800952915