docker-publish.yml: Use sigstore/cosign-installer@main

and use default cosign version as specified in action.yml;
see https://github.com/sigstore/cosign-installer

Hope this fixes recurrent error in signing the published Docker image
once and for all.

Author: anthonyfok

.github/workflows/docker-publish.yml

@@ -46,10 +46,11 @@ jobs:
       # https://github.com/sigstore/cosign-installer
       - name: Install cosign
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25
-        with:
-          cosign-release: 'v1.9.0'
+        uses: sigstore/cosign-installer@main
 
+      - name: Check cosign version
+        if: github.event_name != 'pull_request'
+        run: cosign version
 
       # Workaround: https://github.com/docker/build-push-action/issues/461
       - name: Setup Docker buildx
@@ -92,6 +93,7 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
+
       # Sign the resulting Docker image digest except on PRs.
       # This will only write to the public Rekor transparency log when the Docker
       # repository is public to avoid leaking data.  If you would like to publish