
Use OIDC based keyless signing for stable version images

In !1481 (merged), we added signing of docker images to the workflow. However, the stable version images, being built in dev.gitlab.org, are signed with a keypair and not via OIDC. We should modify the release process so that they are signed in a keyless manner using OIDC, so that users can verify the signatures more conveniently.

Proposal

  1. Add a new countersign-images job to the tag pipeline in GitLab.com that will
    1. Get the list of public images that have been pushed to registry.gitlab.com by the sync-images-gitlab-com job in the dev.gitlab.org tag pipeline
    2. For each image in the list, verify that the image has been signed by the public key
    3. Sign the image using the GitLab.com OIDC provider
    4. Countersign the image and both signatures using OIDC and push everything to registry.gitlab.com
  2. As part of the sync-images-gitlab-com job in the tag pipeline running in the dev.gitlab.org project
    1. Find out the corresponding tag pipeline in GitLab.com (wait for it if it isn't present yet)
    2. Trigger the countersign-images job in the tag pipeline in GitLab.com.
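A sketch of the first half of the proposal as a GitLab CI job, added here as an example and not taken from this issue or the project's pipeline. It assumes the signing tool is cosign, that the public half of the dev.gitlab.org keypair is committed as cosign.pub, that the image list arrives as digest-pinned references (one per line) in images.txt, and that the CI config lives at .gitlab-ci.yml; COSIGN_IMAGE is a placeholder.

```yaml
countersign-images:
  stage: countersign
  when: manual                     # played from the dev.gitlab.org tag pipeline (proposal step 2)
  rules:
    - if: $CI_COMMIT_TAG
  image: ${COSIGN_IMAGE}           # placeholder: any image that ships the cosign CLI
  id_tokens:
    SIGSTORE_ID_TOKEN:             # OIDC token issued by GitLab.com; cosign reads it from this variable
      aud: sigstore
  variables:
    COSIGN_YES: "true"             # non-interactive run: accept the transparency log upload
  script:
    - |
      set -eu
      while read -r image; do
        [ -n "$image" ] || continue
        echo "== $image"
        # 1. Only countersign images that carry a valid dev.gitlab.org keypair signature.
        cosign verify --key cosign.pub "$image" > /dev/null
        # 2. Keyless signature using this job's GitLab.com OIDC identity.
        cosign sign "$image"
        # 3. Countersign: the .sig artifact now holds both signatures, so a keyless
        #    signature over it covers the image and both signatures at once.
        cosign sign "$(cosign triangulate "$image")"
        # 4. Check what an end user will check: a keyless signature tied to this
        #    project and tag (assumes the CI config lives at .gitlab-ci.yml).
        cosign verify \
          --certificate-oidc-issuer "$CI_SERVER_URL" \
          --certificate-identity "${CI_PROJECT_URL}//.gitlab-ci.yml@refs/tags/${CI_COMMIT_TAG}" \
          "$image" > /dev/null
      done < images.txt
```

The job is manual so that the dev.gitlab.org pipeline can play it through the API once its own image sync has finished; the final verify step fails the job if the keyless signature is not bound to this project's tag.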
Edited by Balasankar 'Balu' C