build/bake: use signing config for GHA cache signing #189

Merged
crazy-max merged 1 commit into docker:main from crazy-max:cosign-fix-cache-signing
May 5, 2026

@crazy-max
Member

follow-up docker/actions-toolkit#931

GitHub Actions cache blob signing fails with cosign v3.0.4 when BuildKit signs a GitHub Actions cache index.

The generated signing command combines --use-signing-config with --tlog-upload=false:

cosign sign-blob \
  --yes \
  --oidc-provider github-actions \
  --new-bundle-format \
  --use-signing-config \
  --bundle "$out_file" \
  --tlog-upload=false \
  "$in_file"

Cosign no longer supports disabling transparency log upload with --tlog-upload=false when --use-signing-config or --signing-config is used:

#30 signing cache index sha256:578e247ddaa7e6407cafb755a648345d27e6b60c09be18cf4209115cf4ba9dda
#30 ERROR: signing command failed: + cosign sign-blob --yes --oidc-provider github-actions --new-bundle-format --use-signing-config --bundle /tmp/tmp.CPdLbl '--tlog-upload=false' /tmp/tmp.Kohobl
Flag --tlog-upload has been deprecated, prefer using a --signing-config file with no transparency log services
Error: --tlog-upload=false is not supported with --signing-config or --use-signing-config. Provide a signing config with --signing-config without a transparency log service, which can be created with `cosign signing-config create` or `curl https://raw.githubusercontent.com/sigstore/root-signing/refs/heads/main/targets/signing_config.v0.2.json | jq 'del(.rekorTlogUrls)'` for the public instance

The signing config is now expected to define whether transparency log services are available. Passing --tlog-upload=false alongside --use-signing-config makes cosign fail before it writes the bundle.

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
@crazy-max crazy-max requested a review from tonistiigi May 5, 2026 03:58
@crazy-max crazy-max marked this pull request as ready for review May 5, 2026 03:58
@crazy-max crazy-max requested a review from a team as a code owner May 5, 2026 03:58
@crazy-max crazy-max merged commit d4bb88e into docker:main May 5, 2026
263 checks passed
@crazy-max crazy-max deleted the cosign-fix-cache-signing branch May 5, 2026 14:24
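
As an added example (not code from this pull request): a pre-flight check for the flag conflict in the PR description above, plus a rewrite that follows the advice in cosign's error message. The function names, the signing-config path and the temp paths are assumptions.

```shell
#!/bin/sh
# Added example; function names and file paths are hypothetical.

# Succeeds (status 0) when the argument list pairs --tlog-upload=false with
# --use-signing-config or --signing-config, the combination cosign rejects.
cosign_tlog_conflict() (
  tlog_off=0
  signing_cfg=0
  for arg in "$@"; do
    case "$arg" in
      --tlog-upload=false) tlog_off=1 ;;
      --use-signing-config|--use-signing-config=true) signing_cfg=1 ;;
      --signing-config|--signing-config=*) signing_cfg=1 ;;
    esac
  done
  [ "$tlog_off" -eq 1 ] && [ "$signing_cfg" -eq 1 ]
)

# Prints the arguments one per line (so they must not contain newlines), with
# --tlog-upload=false dropped and --use-signing-config replaced by
# --signing-config <cfg>. <cfg> must name a signing config that lists no
# transparency log service, as the cosign error message asks.
rewrite_sign_args() (
  cfg=$1
  shift
  for arg in "$@"; do
    case "$arg" in
      --tlog-upload=false) ;;
      --use-signing-config|--use-signing-config=true)
        printf '%s\n' --signing-config "$cfg" ;;
      *) printf '%s\n' "$arg" ;;
    esac
  done
)

# Argument list from the failing log line; temp paths are constructed.
set -- sign-blob --yes --oidc-provider github-actions --new-bundle-format \
  --use-signing-config --bundle /tmp/out.bundle --tlog-upload=false /tmp/in.blob
if cosign_tlog_conflict "$@"; then
  echo "conflicting flags found; rewritten arguments:" >&2
  rewrite_sign_args /tmp/signing-config-no-tlog.json "$@"
fi
```

Running the check in CI before cosign is invoked surfaces the conflict as a clear failure of the wrapper rather than as a signing error partway through the build.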