
Harden model image registration script#9

Merged: codychampion merged 3 commits into main from code-hardening on May 21, 2026

Conversation

@codychampion (Owner) commented May 20, 2026

Summary

This PR hardens scripts/register_model_image.py, which builds and registers model Docker images, fixes a real syntax issue in scripts/watcher.py, and adds a lightweight smoke workflow.

Changes include:

  • Removes shell=True from Docker subprocess calls
  • Passes Docker commands as argument lists to avoid shell interpolation
  • Validates Docker model IDs and version tags before building commands
  • Validates --metrics as a JSON object instead of silently swallowing malformed input
  • Checks Dockerfile and build context paths before running Docker
  • Returns non-zero exit codes on build/push failures
  • Produces a valid metrics table in generated registry notes
  • Fixes a Python syntax error in scripts/watcher.py caused by a backslash inside an f-string expression
  • Adds a GitHub Actions smoke workflow for Python syntax and CLI help validation

Why this matters

The previous implementation interpolated user-controlled arguments into shell commands. This is risky even for internal tooling and can fail in surprising ways when paths, model IDs, or tags contain unexpected characters.

The new smoke workflow also caught an existing syntax error in scripts/watcher.py, which is now fixed.

Checks

The smoke workflow passes.

Notes

This keeps the script behavior and generated registry-note structure intact, but makes failures clearer and command execution safer. The workflow deliberately avoids installing the full ML stack so checks stay fast and reliable.
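The hardening pattern the PR describes (argument-list Docker invocations, model ID and tag validation, a JSON-object check on --metrics, path checks before running Docker, and a real exit code) as an added illustration; this is not the project's own code, and the validation regexes and function names are assumptions chosen for the example.

```python
import json
import re
import subprocess
from pathlib import Path

# Constructed validation rules (assumption: the PR's real patterns are not shown on this page).
# Repository names: lowercase path components; tags: up to 128 chars of [A-Za-z0-9_.-].
_MODEL_ID_RE = re.compile(r"^[a-z0-9]+(?:[._-][a-z0-9]+)*(?:/[a-z0-9]+(?:[._-][a-z0-9]+)*)*$")
_TAG_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$")


def parse_metrics(raw_metrics: str) -> dict:
    """Parse --metrics, raising on malformed input instead of silently swallowing it."""
    metrics = json.loads(raw_metrics)  # json.JSONDecodeError is a ValueError subclass
    if not isinstance(metrics, dict):
        raise ValueError("--metrics must be a JSON object")
    return metrics


def check_inputs(model_id: str, tag: str, raw_metrics: str) -> list[str]:
    """Return validation errors for the CLI inputs; an empty list means they are usable."""
    errors = []
    if not _MODEL_ID_RE.fullmatch(model_id):
        errors.append(f"invalid model id: {model_id!r}")
    if not _TAG_RE.fullmatch(tag):
        errors.append(f"invalid version tag: {tag!r}")
    try:
        parse_metrics(raw_metrics)
    except ValueError as exc:
        errors.append(f"--metrics rejected: {exc}")
    return errors


def build_argv(model_id: str, tag: str, dockerfile: str, context: str) -> list[str]:
    """Build the docker argv as a list, so no shell ever re-parses the arguments."""
    errors = check_inputs(model_id, tag, "{}")
    if errors:
        raise ValueError("; ".join(errors))
    if not Path(dockerfile).is_file():
        raise FileNotFoundError(f"Dockerfile not found: {dockerfile}")
    if not Path(context).is_dir():
        raise NotADirectoryError(f"build context not found: {context}")
    # Replaces the risky form: subprocess.run(f"docker build -t {model_id}:{tag} {context}", shell=True)
    return ["docker", "build", "-f", dockerfile, "-t", f"{model_id}:{tag}", context]


def run_docker(argv: list[str]) -> int:
    """Run without shell=True and return the real exit code so callers can exit non-zero."""
    return subprocess.run(argv, check=False).returncode
```

A caller would run `check_inputs` first and print every error before touching Docker, then propagate the value from `run_docker` as the process exit status.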

@codychampion codychampion merged commit 1435f51 into main May 21, 2026
1 check passed
@codychampion codychampion deleted the code-hardening branch May 21, 2026 14:35
codychampion added a commit that referenced this pull request May 22, 2026
* Harden model image registration script

* Add lightweight smoke workflow

* Fix watcher dataset-card f-string syntax