Create GitHub Action to build and publish image to ghcr.io for local testing (arm64)

[medmes]

Objective

As part of the Kyma image build spike (kyma-project/lifecycle-manager#2785), a dedicated GitHub Actions workflow was created for lifecycle-manager to build and publish images to ghcr.io/kyma-project/ for fast local testing — especially on Apple M-series (arm64) machines.

The same pattern should be applied to template-operator.

Background

The official Kyma image builder delegates the actual Docker build to an Azure DevOps pipeline via OIDC + GCP Secret Manager. This cross-system round-trip adds significant overhead (ADO queue wait, OIDC bootstrap, no GHA layer cache) and only produces linux/amd64 images. It is required for production due to SLC-29 compliance and Signify image signing.

For local development and PR testing, a direct GitHub Actions build using docker/build-push-action with BuildKit is significantly faster and supports linux/arm64 in a single job (no tag-collision between arch-specific jobs).

Acceptance Criteria

• A GitHub Action (image-builder-local.yml) is created to build and publish template-operator images to ghcr.io/kyma-project/template-operator.
  • Supports linux/arm64 and linux/amd64.
  • Triggers on pull_request_target (non-draft) and push to main.
  • Permissions scoped to job level only (permissions: {} at workflow level).
  • Explicit checkout of PR head SHA for pull_request_target.
  • Uses type=gha layer cache for fast repeat builds.
• Tags: pr-<number> + sha-<short> for PRs; latest + sha-<short> for main.
• E2E tests remain unaffected — they continue to use images from europe-docker.pkg.dev.

Reference Implementation

See lifecycle-manager image-builder-local.yml — copy and adjust IMAGE_NAME to kyma-project/template-operator.