Update source for chainguard images to cgr.dev in example enforce policies

[amdawson]

The sample policies on this page are great. I believe we've updated the URL where chainguard images are stored from ghcr.io and distroless.dev to cgr.dev, so we should update the policies accordingly.

https://edu.chainguard.dev/chainguard/chainguard-enforce/chainguard-enforce-kubernetes/chainguard-enforce-policy-examples/

@imjasonh to confirm if i'm right.

[imjasonh]

The policy enforcing signed containers from Chainguard Images looks right to me. It governs images from cgr.dev, docker.io, and ghcr.io/chainguard-dev (not -images) -- I believe the last one is because it's used in demos, e.g., ghcr.io/chainguard-dev/chainguard-nginx-demo.

The policy allowing keyless signed distroless images at the bottom may just be there for folks that happened to use the images while they were at distroless.dev.