signing template fail when IMAGE_TAG is being changed

When using this component as part of a live demo for GitLab Roadshow Zürich I realized that when I updated the IMAGE_TAG variable the subsequent validation in the build_and_sign job fails. Replacing IMAGE_TAG with CI_COMMIT_REF_NAME fixes the issue:

--- templates/signing/signing.gitlab-ci.yml
+++ templates/signing/signing.gitlab-ci.yml
@@ -46,7 +46,7 @@ build_and_sign:
     - >-
       CERTIFICATE_IDENTITY="$CI_PROJECT_URL//.gitlab-ci.yml@refs/$(
       [[ -n "$CI_COMMIT_TAG" ]] && echo 'tags' || echo 'heads'
-      )/$IMAGE_TAG";
+      )/$CI_COMMIT_REF_NAME";
     - >-
       cosign verify
       --annotations "tag=$IMAGE_TAG"