Push artifacts to ecr

[nigelwtf]

TL;DR; This PR introduces pushing images directly to AWS Marketplace ECR, bypassing GHCR.

It ensures the media-types and manifests follow the Docker image and manifest format that Marketplace prefers (rather than OCI). Additionally, we're now pushing a multi-arch image; so Marketplace users have more options to run Kpow on machines (or K8s nodes) running on ARM platforms without emulation.

Before:

Our release process would require an engineer manually pulling the linux/amd64 image from GHCR, tagging it for ECR and then pushing the image.

This was susceptible to failure, and also introduces a vector for human error, as I've experienced (caused) myself; the crux being how the local Docker installation is configured (particularly the use of containerd) can break the manual release process.

Now:

release.yml will bypass GitHub Container Registry and instead push images directly to ECR with the correct tag, ready for the change request to release a new version on the Marketplace console.

We now bypass the need for having hidden settings configured correctly and avoid pesky manual sequencing.

Changes:

• New deploy_aws_marketplace.sh bash script with correct flags set to produce docker media types and manifest.
• Updated release_aws_only.yml to bypass GHCR and push directly to Marketplace ECR
• Same change for release.yml
• docker buildx pushes multi-architecture manifests to ECR
• [not included here] Corresponding AWS policy to allow the specific permissions to the specific repos required (as well as requesting an auth token)