Use workflow to refresh TUF recordings for acceptance tests

[lcarva]

In #1577, we updated the TUF recordings used in the acceptance tests to use the staging deployment of Sigstore. This made it easier to manually refresh the data (required every 6 months). However, this means the image being tested is associated with my identity.

Let's create a GitHub Workflow that can execute the script to re-generate the test image and the TUF recordings, make it run periodically (monthly?), and submit a PR so all we have to do is merge it.

See this comment for additional context.

Acceptance Criteria

• A workflow exists to keep the expiring TUF data up to date.
• The identity used in the test image is not associated to an individual. Instead, it is the identity of the workflow.

[simonbaird]

As mentioned in the PR, the expiration date is quite short using this technique. Some further exploration needed.