Bump actions/attest-build-provenance from 3 to 4

.github/workflows/container-image.yml

@@ -55,7 +55,7 @@ jobs:
       contents: read # Read github repository contents (actually required only for private repositories).
       packages: write # Push container images to GitHub Container Registry.
       attestations: write # Push signed build provenance attestations to the GHCR.
-      id-token: write # Required for the actions/attest-build-provenance@v3 action to generate attestations.
+      id-token: write # Required for the actions/attest-build-provenance@v4 action to generate attestations.
 
     steps:
       # Explicitly using the checkout action (instead of relying on docker/build-push-action to do it implicitly)
@@ -160,15 +160,15 @@ jobs:
 
       - name: Generate artifact attestation for GitHub Container Registry
         if: github.event_name != 'pull_request'
-        uses: actions/attest-build-provenance@v3
+        uses: actions/attest-build-provenance@v4
         with:
           subject-name: ghcr.io/${{ env.IMAGE_NAME }}
           subject-digest: ${{ steps.build-and-push.outputs.digest }}
           push-to-registry: false
 
       - name: Generate artifact attestation for Docker Hub
         if: github.event_name != 'pull_request'
-        uses: actions/attest-build-provenance@v3
+        uses: actions/attest-build-provenance@v4
         with:
           # According to the documentation [^1],
           # "index.docker.io" should be used as the registry portion of the image name when pushing to Docker Hub.