fix: add required permissions for GitHub Actions attestations

Add id-token and attestations permissions to Docker workflow:
- id-token: write - Required for OIDC token generation
- attestations: write - Required for artifact attestations

Also add missing step ID to build-and-push step so attestation
step can reference the digest output.

Fixes: Error: Failed to get ID token: Unable to get
ACTIONS_ID_TOKEN_REQUEST_URL env variable

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

.github/workflows/docker.yml

@@ -20,6 +20,8 @@ jobs:
     permissions:
       contents: read
       packages: write
+      id-token: write
+      attestations: write
 
     steps:
       - name: Checkout repository
@@ -51,6 +53,7 @@ jobs:
             type=raw,value=latest,enable={{is_default_branch}}
 
       - name: Build and push Docker image
+        id: build-and-push
         uses: docker/build-push-action@v5
         with:
           context: .