Task
Resolution: Done
Blocker
ACM 2.12.7, MCE 2.7.8
Product / Portfolio Work
Critical
We need to ship a new ACM 2.12 and MCE 2.7 z stream that addresses a problem with 2.12.6 and 2.7.7 where RC1 was accidentally shipped a couple days before RC3.
EC violations blocking delivery of the same image we previously shipped:
✕ [Violation] tasks.required_untrusted_task_found
ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/release-mce-27/work-mce-27@sha256:7ef2d434ff3b461181f4fbead426143e21524bf70e42efb2e5f945f1a4b64b51
Reason: Required task "sast-unicode-check-oci-ta" is required and present but not from a trusted task
Term: sast-unicode-check-oci-ta
Title: All required tasks are from trusted tasks
Description: Ensure that the all required tasks are resolved from trusted tasks. To exclude this rule add
"tasks.required_untrusted_task_found:sast-unicode-check-oci-ta" to the `exclude` section of the policy configuration.
Solution: Make sure all required tasks in the build pipeline are resolved from trusted tasks.
✕ [Violation] trusted_task.trusted
ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/release-mce-27/work-mce-27@sha256:7ef2d434ff3b461181f4fbead426143e21524bf70e42efb2e5f945f1a4b64b51
Reason: Untrusted version of PipelineTask "deprecated-base-image-check" (Task "deprecated-image-check") was included in build
chain comprised of: deprecated-base-image-check. Please upgrade the task version to:
sha256:462baed733dfc38aca5395499e92f19b6f13a74c2e88fe5d86c3cffa2f899b57
Term: deprecated-image-check
Title: Tasks are trusted
Description: Check the trust of the Tekton Tasks used in the build Pipeline. There are two modes in which trust is verified. The
first mode is used if Trusted Artifacts are enabled. In this case, a chain of trust is established for all the Tasks involved in
creating an artifact. If the chain contains an untrusted Task, then a violation is emitted. The second mode is used as a
fallback when Trusted Artifacts are not enabled. In this case, *all* Tasks in the build Pipeline must be trusted. To exclude
this rule add "trusted_task.trusted:deprecated-image-check" to the `exclude` section of the policy configuration.
Solution: If using Trusted Artifacts, be sure every Task in the build Pipeline responsible for producing a Trusted Artifact is
trusted. Otherwise, ensure *all* Tasks in the build Pipeline are trusted. Note that trust is eventually revoked from Tasks
when newer versions are made available.
Problems similar to the 2 above happen for 4 tasks:
sast-unicode-check-oci-ta
sast-snyk-check-oci-ta
sast-shell-check-oci-ta
deprecated-image-check
This violation is happening for many images, not just the sample provided above.
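Because the same violations repeat across many images, the report can be reduced to one entry per task: which rules fired, on which images, and which task digest the report asks for. The script below is an added example, not part of the original ticket or of the EC tooling; it assumes the plain-text report layout shown above, and the image names and digests in `SAMPLE` are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the report above (image names and digests are placeholders).
SAMPLE = """\
✕ [Violation] tasks.required_untrusted_task_found
  ImageRef: quay.io/example/app@sha256:aaaa
  Reason: Required task "sast-unicode-check-oci-ta" is required and present but not from a trusted task
  Term: sast-unicode-check-oci-ta
✕ [Violation] trusted_task.trusted
  ImageRef: quay.io/example/app@sha256:aaaa
  Reason: Untrusted version of PipelineTask "deprecated-base-image-check" (Task "deprecated-image-check") was included in build
  chain comprised of: deprecated-base-image-check. Please upgrade the task version to:
  sha256:bbbb
  Term: deprecated-image-check
✕ [Violation] trusted_task.trusted
  ImageRef: quay.io/example/other@sha256:cccc
  Reason: Untrusted version of Task "deprecated-image-check". Please upgrade the task version to: sha256:bbbb
  Term: deprecated-image-check
"""

HEADER = re.compile(r"^\s*✕ \[Violation\] (\S+)")
FIELD = re.compile(r"^\s*(ImageRef|Reason|Term|Title|Description|Solution):\s*(.*)$")
UPGRADE = re.compile(r"upgrade the task version to:\s*(sha256:[0-9a-f]+)")

def parse_violations(text):
    """Return one dict per violation; wrapped lines are joined onto the preceding field."""
    out, cur, key = [], None, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            cur, key = {"rule": m.group(1)}, None
            out.append(cur)
        elif cur is not None and (m := FIELD.match(line)):
            key = m.group(1)
            cur[key] = m.group(2).strip()
        elif cur is not None and key and line.strip():
            cur[key] += " " + line.strip()  # continuation of a wrapped field
    return out

def summarize(violations):
    """Group by Term (the task name): rules fired, affected images, digest to upgrade to."""
    tasks = defaultdict(lambda: {"rules": set(), "images": set(), "upgrade_to": None})
    for v in violations:
        t = tasks[v.get("Term", "?")]
        t["rules"].add(v["rule"])
        t["images"].add(v.get("ImageRef", "?"))
        if m := UPGRADE.search(v.get("Reason", "")):
            t["upgrade_to"] = m.group(1)
    return dict(tasks)
```
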
clones ACM-27056 Deliver the ACM 2.12.6 and MCE 2.7.7 images (Closed)