
Conversation

@dervoeti (Member) commented Jul 17, 2024

This PR fixes two things:

  1. The policy did not work as intended, since it checked if images were signed by a GitHub Action with the filename `build.yml`. This is true for our operators, but not for products. So it was possible to install our operators, but Pods from products were wrongly blocked from starting (the filename in case of products is `release.yml`). It does not really make sense to check the filename anyway, so I relaxed the regex in that regard.

  2. The policy is now more strict in other regards, because it requires that the GitHub Action was triggered for a commit tagged with a version number (= a release tag). The regex part `@refs/tags/\d[\d\.]+` checks that the tag starts with a digit and that this digit is followed by other digits or dots. We could also make it `@refs/tags/\d+\.\d+\.\d+`; the other variant is just a bit more flexible and would, for example, also allow `24.7` instead of `24.7.0`.
    This means that the policy would now by default block the creation of Pods with dev images, even if they are signed. I explained this in the documentation. The example policy is intended for production use with release images only, but the regex can be relaxed to allow dev images as well.
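As an added illustration of the policy change described above (example code written for this page, not the project's policy): a Python check that runs a constructed "before" and "after" subject-identity pattern over sample signing identities. Only the two tag fragments `@refs/tags/\d[\d\.]+` and `@refs/tags/\d+\.\d+\.\d+` come from the PR; the URL prefix, the `$` anchoring, `PLACEHOLDER_ORG` and the repository names are assumptions.

```python
import re

# Added example, not the project's policy. The only fragments taken from the PR
# are the tag patterns "@refs/tags/\d[\d\.]+" and "@refs/tags/\d+\.\d+\.\d+";
# the URL prefix, the end anchoring and PLACEHOLDER_ORG are assumptions made
# here so that the comparison can run offline.
ORG = "PLACEHOLDER_ORG"
WORKFLOW = rf"^https://github\.com/{ORG}/[^/]+/\.github/workflows/"

# Before the fix: pinned to the workflow file name build.yml, any git ref accepted.
OLD_RE = re.compile(WORKFLOW + r"build\.yml@refs/.+$")
# After the fix: any workflow file, but the signing run must come from a tag
# that starts with a digit followed by more digits or dots (a release tag).
NEW_RE = re.compile(WORKFLOW + r"[^/@]+\.ya?ml@refs/tags/\d[\d.]+$")
# Stricter variant discussed in the PR: exactly MAJOR.MINOR.PATCH.
STRICT_RE = re.compile(WORKFLOW + r"[^/@]+\.ya?ml@refs/tags/\d+\.\d+\.\d+$")


def decide(identity: str, pattern: re.Pattern) -> str:
    """Admission decision for one signing-certificate subject identity."""
    return "allow" if pattern.search(identity) else "deny"


def compare(identity: str) -> dict:
    """Decision under each policy variant, so the effect of the change is visible."""
    return {name: decide(identity, p)
            for name, p in (("old", OLD_RE), ("new", NEW_RE), ("strict", STRICT_RE))}


# Constructed sample identities (repository names are invented for the example).
OPERATOR_RELEASE = f"https://github.com/{ORG}/some-operator/.github/workflows/build.yml@refs/tags/24.7.0"
PRODUCT_RELEASE = f"https://github.com/{ORG}/some-product/.github/workflows/release.yml@refs/tags/24.7.0"
OPERATOR_DEV = f"https://github.com/{ORG}/some-operator/.github/workflows/build.yml@refs/heads/main"
PRODUCT_SHORT_TAG = f"https://github.com/{ORG}/some-product/.github/workflows/release.yml@refs/tags/24.7"

if __name__ == "__main__":
    for label, identity in [("operator release", OPERATOR_RELEASE),
                            ("product release", PRODUCT_RELEASE),
                            ("operator dev build", OPERATOR_DEV),
                            ("product short tag", PRODUCT_SHORT_TAG)]:
        print(f"{label:20} {compare(identity)}")
```

The product release row shows the bug the PR fixes (denied by the old pattern), and the dev build row shows the new restriction (a signed image from `refs/heads/main` is now denied).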

@netlify netlify bot commented Jul 17, 2024

Deploy Preview for stackable-docs failed.

Latest commit: 487c13f
Latest deploy log: https://app.netlify.com/sites/stackable-docs/deploys/6697eff7bfac6a0008d07db1

@dervoeti dervoeti self-assigned this Jul 17, 2024
@dervoeti dervoeti requested a review from a team July 18, 2024 10:05
@lfrancke lfrancke mentioned this pull request Jul 23, 2024
@dervoeti dervoeti added this pull request to the merge queue Jul 23, 2024
Merged via the queue into main with commit b71ddc5 Jul 23, 2024
@dervoeti dervoeti deleted the fix/signature-verification-policy branch July 23, 2024 07:54
3 participants