/run-security-scan
alexcos20 left a comment
AI automated code review (Gemini 3).
Overall risk: medium
Summary:
This pull request introduces support for pushing Docker images to GitHub Container Registry (GHCR) in addition to Docker Hub. It adds a dedicated build job (build-arm) for ARM64 architecture using an ARM-specific runner (ubuntu-24.04-arm), enabling true multi-architecture image builds. The workflow is refactored to handle separate logins, builds, pushes, and manifest list creations for both registries and architectures. It also upgrades actions/checkout to v6 and externalizes image names into environment variables.
Comments:
• [INFO][style] The condition github.event_name == 'pull_request' in this line now results in the same ["linux/amd64"] platforms for both pull_request and other events. While this simplifies, please confirm if the original intention to have different platforms for PRs vs. main builds is still desired for the build job. If not, consider simplifying it further to just fromJSON('["linux/amd64"]').
• [WARNING][other] The QEMU image tonistiigi/binfmt:qemu-v8.0.4 has been commented out. Is this intentional? If it's no longer needed or if the action provides a sufficient default, it can be removed. If it's commented out for a specific reason (e.g., debugging, temporary removal), please add a brief comment explaining why.
• [INFO][other] The build-arm job uses runs-on: ubuntu-24.04-arm. Please ensure that this self-hosted runner or GitHub-provided runner type is available and correctly configured in the repository's settings, especially given it's a newer runner image.
• [INFO][style] Similar to line 25, the platform condition github.event_name == 'pull_request' is redundant here as both paths yield ["linux/arm64"]. Consider simplifying it to fromJSON('["linux/arm64"]') if this behavior is intended.
• [INFO][other] The grep -E "^${DOCKERHUB_IMAGE}" command to filter tags for docker buildx imagetools create assumes that the docker/metadata-action outputs tags prefixed with the image name. This is generally true (e.g., oceanprotocol/ocean-node:main). This looks correct, but it's worth double-checking the exact output format of the metadata-action to ensure it always matches this pattern, especially for different tag types.
• [INFO][other] Similar to the Docker Hub manifest creation, the grep -E "^${GHCR_IMAGE}" command assumes the GHCR tags output by metadata-action will be prefixed with the GHCR_IMAGE name. This is standard, but good to keep in mind for future modifications or debugging.
See https://github.com/oceanprotocol/ocean-node/pkgs/container/ocean-node
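The two manifest-creation comments above both hinge on how the tag list from docker/metadata-action is filtered before it is handed to `docker buildx imagetools create`. The script below is an added example and is not ocean-node's workflow code; it reproduces the `grep -E "^${IMAGE}"` filter next to a stricter fixed-string filter and builds the `imagetools create` command line from the result without invoking Docker. The tag list is constructed for the example, the `ghcr.io/oceanprotocol/ocean-node` name is assumed from the package URL above, and the `amd64-`/`arm64-` per-architecture tags and the `ocean-node-dev` decoy image are assumptions made to show the edge cases.

```shell
#!/bin/sh
# Added example, not the ocean-node workflow. Demonstrates filtering a
# docker/metadata-action style tag list per registry and assembling the
# `docker buildx imagetools create` argument list from it.

# Constructed sample of metadata-action "tags" output (one ref per line).
# Both registries are mixed together; the last line is an assumed sibling
# image that merely shares the Docker Hub name as a prefix.
SAMPLE_TAGS='oceanprotocol/ocean-node:main
oceanprotocol/ocean-node:sha-abc1234
ghcr.io/oceanprotocol/ocean-node:main
ghcr.io/oceanprotocol/ocean-node:sha-abc1234
oceanprotocol/ocean-node-dev:main'

# Filter as written in the reviewed workflow: an ERE anchored at line start.
# Two weaknesses: "." in ghcr.io is a regex metacharacter, and nothing stops
# the match after the image name, so "ocean-node-dev:main" also passes.
filter_tags_prefix() {
  # $1 image name, $2 newline-separated tag list
  printf '%s\n' "$2" | grep -E "^$1"
}

# Stricter filter: literal comparison (no regex metacharacters) that requires
# the ':' tag separator right after the image name.
filter_tags_strict() {
  # $1 image name, $2 newline-separated tag list
  image=$1
  printf '%s\n' "$2" | while IFS= read -r ref; do
    case $ref in
      "$image:"*) printf '%s\n' "$ref" ;;
    esac
  done
}

# Build the command line the manifest step would run: one -t per filtered
# tag, followed by the per-architecture source refs. Printed, not executed,
# so this runs offline.
manifest_create_cmd() {
  # $1 image name, $2 tag list, remaining args: per-arch source image refs
  image=$1
  tags=$2
  shift 2
  cmd="docker buildx imagetools create"
  for ref in $(filter_tags_strict "$image" "$tags"); do
    cmd="$cmd -t $ref"
  done
  for src in "$@"; do
    cmd="$cmd $src"
  done
  printf '%s\n' "$cmd"
}

# Demonstration: the prefix filter over-selects, the strict one does not.
echo "prefix filter for oceanprotocol/ocean-node:"
filter_tags_prefix oceanprotocol/ocean-node "$SAMPLE_TAGS"
echo "strict filter for oceanprotocol/ocean-node:"
filter_tags_strict oceanprotocol/ocean-node "$SAMPLE_TAGS"
echo "strict filter for ghcr.io/oceanprotocol/ocean-node:"
filter_tags_strict ghcr.io/oceanprotocol/ocean-node "$SAMPLE_TAGS"
echo "manifest command (Docker Hub, assumed per-arch tags):"
manifest_create_cmd oceanprotocol/ocean-node "$SAMPLE_TAGS" \
  oceanprotocol/ocean-node:amd64-abc1234 oceanprotocol/ocean-node:arm64-abc1234
```

In the real workflow the per-architecture source refs would be the digests or tags pushed by the `build` and `build-arm` jobs; the point of the example is only the filter: if a second image whose name starts with `${DOCKERHUB_IMAGE}` or `${GHCR_IMAGE}` is ever added to the same metadata-action step, the anchored-prefix regex would fold its tags into the wrong manifest list, whereas requiring the `:` after the image name does not.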