fix(cosign): use reusable workflow identity for signature verification

When using reusable workflows with Cosign keyless signing, the certificate
identity reflects the workflow file location (git-flow repo) not the calling
repository. Updated the verification regexp to match the git-flow workflow
identity.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: samuelho-dev

.github/workflows/docker-build-push.yml

@@ -229,8 +229,10 @@ jobs:
         env:
           COSIGN_EXPERIMENTAL: 1
         run: |
+          # For reusable workflows, the signature identity is the workflow file path
+          # not the calling repository, so we use a pattern matching either
           cosign verify \
-            --certificate-identity-regexp="${{ github.server_url }}/${{ github.repository }}.*" \
+            --certificate-identity-regexp="https://github.com/samuelho-dev/git-flow/.github/workflows/.*" \
             --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
             ${{ inputs.registry }}/${{ github.repository_owner }}/${{ inputs.image }}@${{ steps.build.outputs.digest }}