Public package/container discoverability: surface signed images, SBOMs, provenance #2

@fheikens

Description

Context

The container supply chain is done well — arq-signals images are cosign-signed (keyless OIDC) with SBOM attestation, and pgAgroal images ship SBOM + SLSA provenance + Cosign signatures. But the artifacts are not discoverable. The arq-signals GHCR package in the org is currently private, so even though the release workflow publishes and signs it, the public cannot pull or verify it. This makes the strongest part of the engineering story invisible.

Open question (do not assume): are these images intended to be public? Arq-Signals and pgAgroal are BSD-3 OSS, which argues yes — but visibility is an explicit owner decision (constraint: do not expose anything unintentionally). No "public pull" docs land until this is confirmed.

Acceptance criteria

  • Decide and record intended visibility for: ghcr.io/elevarq/arq-signals, the pgAgroal image (Docker Hub elevarq/pgagroal and/or GHCR mirror).
  • For each image confirmed public: set package visibility to public (package Settings UI — no REST endpoint), and link the package from the repo sidebar ("Packages") + README.
  • Verification commands (cosign verify / verify-attestation) referenced from each repo's release docs.
  • Any image that should stay private is documented as such; no public-pull instructions reference it.

Change type

Org/package settings (UI-only) + documentation. Blocked on the visibility decision.
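The acceptance criteria ask for verification commands in each repo's release docs. The script below is an added example, not code from the issue or from either project, showing what those docs would point a consumer at: keyless `cosign verify` and `cosign verify-attestation` pinned to the expected GitHub Actions workflow identity, plus a read-only visibility check for recording the decision in the first criterion. Everything about the workflow is assumed rather than taken from the page: that the signing workflow is `.github/workflows/release.yml`, that releases are signed from tag refs (`refs/tags/v*`), that the SBOM attestation is SPDX JSON and the provenance predicate is SLSA v0.2, and that `jq` and the `gh` CLI are installed. Adjust those to match the actual repos.

```shell
#!/bin/sh
# Added example (not from the issue or either project): keyless cosign
# verification of a release image plus a read-only visibility check.
# Assumptions, adjust to the repo: the release workflow is
# .github/workflows/release.yml, images are signed from refs/tags/v*,
# the SBOM attestation is SPDX JSON, provenance is SLSA v0.2, jq/gh exist.
set -eu

OIDC_ISSUER="https://token.actions.githubusercontent.com"

# Turn an image reference into the GitHub "owner/name" it was built from.
#   ghcr.io/elevarq/arq-signals:1.2.3          -> elevarq/arq-signals
#   ghcr.io/elevarq/arq-signals@sha256:abc123  -> elevarq/arq-signals
# (For Docker Hub images the GitHub repo may differ; pass it explicitly.)
github_repo_from_image() {
  ref="$1"
  ref="${ref#ghcr.io/}"   # drop registry host
  ref="${ref%%@*}"        # drop @sha256:... digest
  ref="${ref%%:*}"        # drop :tag
  printf '%s' "$ref"
}

# Certificate identity regexp for a GitHub Actions keyless signature.
# The Fulcio cert SAN is the workflow ref URL; pinning it to refs/tags/v*
# rejects images signed by the same workflow on a branch or pull request.
expected_identity() {
  repo="$1"
  workflow="${2:-release.yml}"
  printf '%s' "https://github.com/${repo}/\\.github/workflows/${workflow}@refs/tags/v.*"
}

# Read a GHCR package's current visibility (public/private). Reading is
# supported by the REST API; changing it is Settings-UI only, as the issue notes.
package_visibility() {
  gh api "/orgs/$1/packages/container/$2" --jq '.visibility'
}

# Verify signature, SBOM attestation and SLSA provenance for one image.
# usage: verify_image IMAGE [GITHUB_REPO] [WORKFLOW_FILE]
verify_image() {
  image="$1"
  repo="${2:-$(github_repo_from_image "$image")}"
  workflow="${3:-release.yml}"
  command -v cosign >/dev/null 2>&1 || { echo "cosign not found" >&2; return 2; }
  identity="$(expected_identity "$repo" "$workflow")"

  echo "== signature"
  cosign verify \
    --certificate-oidc-issuer "$OIDC_ISSUER" \
    --certificate-identity-regexp "$identity" \
    "$image" >/dev/null

  # verify-attestation prints one DSSE envelope per line; the in-toto
  # statement is base64 in .payload (GNU base64 -d; macOS uses -D).
  echo "== SBOM attestation: SPDX package count"
  cosign verify-attestation --type spdxjson \
    --certificate-oidc-issuer "$OIDC_ISSUER" \
    --certificate-identity-regexp "$identity" \
    "$image" | jq -r '.payload' | base64 -d | jq '.predicate.packages | length'

  echo "== SLSA provenance: builder id"
  cosign verify-attestation --type slsaprovenance \
    --certificate-oidc-issuer "$OIDC_ISSUER" \
    --certificate-identity-regexp "$identity" \
    "$image" | jq -r '.payload' | base64 -d | jq -r '.predicate.builder.id'
}

# Run only when invoked with arguments, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
  verify_image "$@"
fi
```

Run as `sh verify.sh ghcr.io/elevarq/arq-signals:TAG` once the package is public; before flipping visibility, `package_visibility elevarq arq-signals` (authenticated with `read:packages`) records the current state for the decision log. The identity regexp is the part that actually carries the trust decision: verifying with `--certificate-identity-regexp '.*'` would accept any keyless signature from any GitHub repo, so docs should always show the pinned form.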

Metadata

Assignees

No one assigned

    Labels

      • area:release: Release hygiene, artifacts, provenance
      • priority:P0: Critical — credibility/security/release blocker
      • type:settings: UI-only / settings change (hand-off)

    Type

    No type

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests