feat: add plugin.yaml file to release

[wruffine-airbus-external]

The release archive does not contain the plugin.yaml file which prevents users from downloading the archive and installing the plugin offline.

This PR aims at adding the plugin.yaml file to the release archive.

[CLAassistant]

All committers have signed the CLA.

[otms61]

Thank you for having an interest in this project and submitting a PR!

I tried adding the plugin.yaml and attempting the installation.

before

> trivy plugin --debug install /tmp/trivy_plugin_referrer_0.1.4_macOS-ARM64.tar.gz
2023-05-05T01:03:33.282+0900	INFO	Installing the plugin from /tmp/trivy_plugin_referrer_0.1.4_macOS-ARM64.tar.gz...
2023-05-05T01:03:33.344+0900	INFO	Loading the plugin metadata...
Usage:
  trivy plugin install URL | FILE_PATH

Aliases:
  install, i

Flags:
  -h, --help   help for install

Global Flags:
      --cache-dir string          cache directory (default "/Users/saso/Library/Caches/trivy")
  -c, --config string             config path (default "trivy.yaml")
  -d, --debug                     debug mode
      --generate-default-config   write the default config to trivy-default.yaml
      --insecure                  allow insecure server connections
  -q, --quiet                     suppress progress bar and log output
      --timeout duration          timeout (default 5m0s)
  -v, --version                   show version

2023-05-05T01:03:33.345+0900	FATAL	plugin install error:
    github.com/aquasecurity/trivy/pkg/commands.NewPluginCommand.func1
        github.com/aquasecurity/trivy/pkg/commands/app.go:644
  - failed to load the plugin metadata:
    github.com/aquasecurity/trivy/pkg/plugin.Install
        github.com/aquasecurity/trivy/pkg/plugin/plugin.go:161
  - file open error:
    github.com/aquasecurity/trivy/pkg/plugin.loadMetadata
        github.com/aquasecurity/trivy/pkg/plugin/plugin.go:305
  - open /var/folders/yg/56szr3gj3w504fzkc5851c9w0000gn/T/trivy-plugin779091754/plugin.yaml: no such file or directory

after

> cp /path/to/plugin.yaml .

> tar -czvf trivy_plugin_referrer_0.1.4_macOS-ARM64.tar.gz *

> trivy plugin --debug install ./trivy_plugin_referrer_0.1.4_macOS-ARM64.tar.gz
2023-05-05T01:03:42.890+0900	INFO	Installing the plugin from ./trivy_plugin_referrer_0.1.4_macOS-ARM64.tar.gz...
2023-05-05T01:03:42.953+0900	INFO	Loading the plugin metadata...
2023-05-05T01:03:42.953+0900	DEBUG	Installing the plugin to /Users/saso/.trivy/plugins/referrer...
2023-05-05T01:03:42.953+0900	DEBUG	Platform found, os: darwin, arch: arm64
2023-05-05T01:03:42.953+0900	DEBUG	Downloading the execution file from https://github.com/aquasecurity/trivy-plugin-referrer/releases/download/v0.1.4/trivy_plugin_referrer_0.1.4_macOS-ARM64.tar.gz...

>

The errors are resolved, and the plugin installation is now possible. I think it's a meaningful fix.

As a point of caution, this fix does not result in a completely offline installation since the download is still triggered.

2023-05-05T01:03:42.953+0900 DEBUG Downloading the execution file from https://github.com/aquasecurity/trivy-plugin-referrer/releases/download/v0.1.4/trivy_plugin_referrer_0.1.4_macOS-ARM64.tar.gz...

If you want to run it offline from the release build, you can also directly execute it as a binary file.

> tar zxvf trivy_plugin_referrer_0.1.4_macOS-ARM64.tar.gz

> ./referrer -h
A Trivy plugin for oci referrers