Signing & SBOM for controllers release artifacts

[phoban01]

Description

In order to deliver a secure supply chain for ocm-controllers, we generating an SBOM and additionally sign all artifacts.

Goreleaser provides support realizing this.

[Skarlso]

Alright, ocm-controller SBOMs are working. Same for replication controller is incoming.