Don't regenerate attestation when image wasn't rebuilt

[vvoland]

Description

• related to: Cached docker builds give non-reproducible digests with containerd-integration moby#48391

Currently attestations are always regenerated, even when the produced image doesn't change because the result is already in cache.
This causes the digest of the resulting image change for every build request.

On Docker side, this is an unexpected default behavior.
We need an option to instruct Buildkit to not regenerate the attestation for an image which wasn't rebuilt.

[tonistiigi]

Provenance attestation is a record of invoking a build. Two completely different builds at completely different times can produce the same result. If the build was completely cached(in buildkit builds are never completely cached as every execution, eg. loading a Dockerfile is a build step), then that is what the provenance attestation is conveying.

[vvoland]

Right, I'm not debating that. That's why this could be an optional flag.

[tonistiigi]

We already have a flag for disabling attestations. Just set --provenance=false if you want to opt out.

[vvoland]

I don't want to opt-out of attestations completely - I just want to change it only when the image wasn't created from cache.