ci: use dynamic repository owner for container images

[sheurich]

Replace hardcoded letsencrypt with $GITHUB_REPOSITORY_OWNER in workflow image paths.

This enables testing release workflows on forks without modifying the workflow file.

Changes

release.yml:

• ghcr.io/letsencrypt/boulder → ghcr.io/$GITHUB_REPOSITORY_OWNER/boulder
• ghcr.io/letsencrypt/ct-test-srv → ghcr.io/$GITHUB_REPOSITORY_OWNER/ct-test-srv

try-release.yml:

• ghcr.io/letsencrypt/ct-test-srv → ghcr.io/$GITHUB_REPOSITORY_OWNER/ct-test-srv

Testing

Verified by triggering try-release on fork; image paths resolve to fork owner.

[aarongable]

I'm unconvinced we should make this change at all, as it veers dangerously close to referencing untrusted strings in our workflows and enabling fork- or PR-based attacks. However, if other reviewers think this change is fine, at the very least it should use the environment variable version of this rather than the context preprocessor version, to prevent quote escaping issues.

Suggested change

	run: docker tag boulder "ghcr.io/${{ github.repository_owner }}/boulder:${GITHUB_REF_NAME}-go${{ matrix.GO_VERSION }}"
	run: docker tag boulder "ghcr.io/${GITHUB_REPOSITORY_OWNER}/boulder:${GITHUB_REF_NAME}-go${{ matrix.GO_VERSION }}"

[sheurich]

I'm unconvinced we should make this change at all, as it veers dangerously close to referencing untrusted strings in our workflows and enabling fork- or PR-based attacks.

Agree on being cautious, but GITHUB_REPOSITORY_OWNER is the repository owner name per GitHub’s variables reference (https://docs.github.com/en/actions/reference/workflows-and-actions/variables), so I don’t see a fork/PR‑controlled input here. If you have a specific attack path in mind, happy to dig in.