Add image digest pinning and provenance gate #7

@mdheller

Context

Current deployment skeletons use mutable image tags. That is acceptable for bootstrap skeletons but release-blocking for production-ready Agent Machine runtime infrastructure.

Required outcome

Add image digest pinning and provenance requirements for release-candidate and production deployment artifacts.

Acceptance criteria

  • Document image digest pinning policy.
  • Define where image digest appears in AgentPod-derived plans, manifests, deployment receipts, and runtime evidence.
  • Prototype/bootstrap skeletons may use tags only when explicitly marked non-production.
  • Release-candidate manifests require immutable image digests.
  • Provenance/SBOM reference fields are defined where available.
  • Renderers can operate in a strict mode that rejects unpinned image references.

Related docs

  • docs/architecture/world-class-release-gate.md
  • docs/architecture/deployment-safety.md
  • docs/architecture/receipt-chain.md
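
One way a renderer's strict mode could reject unpinned image references, as an added example that is not code from this issue or repository. The manifest field names (`non_production`, `containers`, `image`), the registry names and the digest value are assumptions constructed for illustration.

```python
import re

# Pinned means the reference ends in "@sha256:" plus 64 lowercase hex chars.
# "repo:tag@sha256:..." also counts: the digest, not the tag, is what resolves.
_PINNED = re.compile(r"[^@\s]+@sha256:[0-9a-f]{64}")


class UnpinnedImageError(ValueError):
    """Raised in strict mode when a manifest carries a mutable image reference."""


def is_pinned(image_ref: str) -> bool:
    # fullmatch rejects trailing junk, truncated digests and tag-only refs.
    return _PINNED.fullmatch(image_ref) is not None


def check_manifest(manifest: dict, strict: bool = True) -> list:
    """Return the unpinned image refs found in a manifest.

    In strict mode, raise unless the manifest is explicitly marked
    non-production. All field names here are hypothetical.
    """
    unpinned = [c["image"] for c in manifest.get("containers", [])
                if not is_pinned(c["image"])]
    # Only an explicit boolean True exempts a manifest; a missing or
    # truthy-looking value ("yes", 1) does not.
    exempt = manifest.get("non_production") is True
    if unpinned and strict and not exempt:
        raise UnpinnedImageError(f"unpinned image references: {unpinned}")
    return unpinned


# Constructed sample input (digest is a placeholder, not a real image).
SAMPLE_DIGEST = "sha256:" + "0123456789abcdef" * 4
RC_MANIFEST = {"containers": [
    {"image": f"registry.example/agent-runtime@{SAMPLE_DIGEST}"},
    {"image": "registry.example/sidecar:1.4"},  # mutable tag
]}
BOOTSTRAP_MANIFEST = {"non_production": True, "containers": [
    {"image": "registry.example:5000/agent-runtime:latest"},
]}

if __name__ == "__main__":
    print(check_manifest(BOOTSTRAP_MANIFEST))  # tolerated, but reported
    try:
        check_manifest(RC_MANIFEST)
    except UnpinnedImageError as exc:
        print("rejected:", exc)
```

Returning the unpinned list even for exempt manifests lets a renderer record tag usage in its output instead of silently accepting it.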
