[WIP] Add workflow dispatch capability to main workflow

[Copilot]

• Add workflow_dispatch trigger with tag input to docker-publish-main.yml
• Add conditional checks to existing build and merge jobs to only run on push events
• Add new manual_build job that distributes builds across multiple runners (linux/amd64, linux/arm64)
• Add new manual_merge job that merges platform-specific builds and pushes the manifest with custom tag
• Validate YAML syntax
• Run code review
• Run security analysis

Security Summary:
CodeQL identified missing explicit workflow permissions for GITHUB_TOKEN in all jobs. This is a pre-existing pattern in the original workflow and is not specific to this change. No new security vulnerabilities were introduced.

Original prompt

Can you add workflow dispatch like so to the main workflow image that allows kicking off the workflow manually with a custom tag if needed.

  workflow_dispatch:
    inputs:
      tag:
        description: The build tag to push.
        required: true
        default: "latest"

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.