v1.14.0

What's Changed

🛠 Breaking changes

• tdx: fix --version output of RTMRs by @burgerdev in #1821
• kata: upgrade to 3.21, switch to initdata by @burgerdev in #1833

🐛 Bug fixes

• kata: support podSecurityContext.fsGroup by @burgerdev in #1850
• imagepuller: fix error propagation by @burgerdev in #1870

🔧 Other changes

• kata: upgrade to 3.19.1 by @burgerdev in #1752
• kata: reject pods without policy by @burgerdev in #1781
• kata-runtime: upgrade to 3.20.0 by @burgerdev in #1796
• cli/verifier: add VersionsMatch by @charludo in #1797
• nixos/nvidia-driver: 570.172.08 -> 580.95.05 by @katexochen in #1817
• internal: use CDI instead of guest-hook for GPU support by @charludo in #1835

📖 Documentation

• docs: remove references to incorrect vm size calculation by @davidweisse in #1773
• docs: some clarifications and minor refactors in vault howto by @charludo in #1777
• docs: refactor encrypted storage tutorial into how-to by @charludo in #1758
• docs: quote numerical annotation values to prevent parsing as int by @charludo in #1832
• docs: reference registry auth in sidebar by @burgerdev in #1836
• docs: dedup 'connect to coordinator' sections by @charludo in #1837
• docs: describe initdata flow by @burgerdev in #1863
• docs: remove all references to the coco project by @katexochen in #1868
• docs/runtime: update podvm image sec by @katexochen in #1867

Full Changelog: v1.13.0...v1.14.0