fix(ci): run attestation and vuln scan concurrently in release workflow

Previously image-vuln-scan blocked attest, adding unnecessary latency
to the release pipeline. Both jobs only need build and docker-manifest
to complete. Now they run in parallel, and publish waits for both
before marking the release as non-draft.

Author: dims

.github/workflows/on-tag.yaml

@@ -259,7 +259,7 @@ jobs:
   attest:
     name: Attest Images
     runs-on: ubuntu-latest
-    needs: [build, docker-manifest, image-vuln-scan]
+    needs: [build, docker-manifest]
     if: needs.build.outputs.release_outcome == 'success'
     timeout-minutes: 10
     permissions:
@@ -305,7 +305,7 @@ jobs:
   publish:
     name: Publish Release
     runs-on: ubuntu-latest
-    needs: [attest]
+    needs: [attest, image-vuln-scan]
     timeout-minutes: 5
     permissions:
       contents: write