ci: Disable non-OCI-compliant provenance

Author: Starkteetje

.github/actions/build/action.yml

@@ -65,8 +65,8 @@ runs:
         labels: ${{ inputs.image_labels }}
         file: docker/Dockerfile
         build-args: COSIGN_VERSION=${{ inputs.cosign_version }}
-        sbom: true
-        provenance: true
+        sbom: false  # Duplicates SBOMs manually created below
+        provenance: false  #TODO: Set to false, as resulting format is not OCI (GHCR) compliant (https://github.com/docker/build-push-action/issues/820) and causes problems with GHCR and e.g. image deletion (https://github.com/snok/container-retention-policy/issues/63)
     - name: Create SBOM
       uses: anchore/sbom-action@5ecf649a417b8ae17dc8383dc32d46c03f2312df # v0.15.1
       with: