ci(deps): bump cosign to v2.2.3 to avoid sigstore TUF invalid key issue

.github/dependabot.yml

@@ -33,6 +33,22 @@ updates:
     commit-message:
       prefix: "docker"
       include: "scope"
+
+  - package-ecosystem: "github-actions"
+    directory: "/security-actions/sign-docker-image"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: "github-actions"
+      include: "scope"
+
+  - package-ecosystem: docker
+    directory: "/security-actions/sign-docker-image"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: "docker"
+      include: "scope"
 
   - package-ecosystem: "github-actions"
     directory: "/code-check-actions/luacheck"

security-actions/sign-docker-image/action.yml

@@ -45,7 +45,7 @@ runs:
       run: $GITHUB_ACTION_PATH/scripts/cosign-metadata.sh
 
     - name: Install Cosign
-      uses: sigstore/cosign-installer@v3.1.1
+      uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4
 
     - name: Check install!
       shell: bash