Supply digest of images that are selected by policy

[squaremo]

You sometimes want to use the digest of an image, rather than the tag; e.g., if you are interested in exactly reproducible builds.

For that reason, it'd be useful to supply the digest of an image selected by a policy object, as well as its tag, in the status. The digest appears to be available via https://godoc.org/github.com/google/go-containerregistry/pkg/v1/remote#Head (but if not, Get in the same place). This has to be done per tags, so while we don't need metadata for sorting/selecting, the policy controller can just fetch it for those images it selects.

[barrydobson]

I'd like to see this feature added too. My use case would be that when using a tool such as Bazel to release from mono-repos, it's not really possible to use semver, as it would cause all of the services to be deployed every time a change was made. Instead I want to use timestamps as image tags, and the sha of the image in the deployments. This way I can use the alphabetical rule in the image policy, and set the sha. If the sha hasn't changed, Kubernetes won't deploy the app.