Summary

Add a periodic Prow job that automatically checks and updates Tekton pipeline task bundles to the latest trusted versions.

Background

CNTRLPLANE-2579 added a script (hack/tools/scripts/update_trusted_task_bundles.py) that can update pipeline task bundles to the latest trusted digests. This ticket is to automate running that script periodically.

Problem

Without automation:

• Task bundle digests can become outdated and eventually expire
• Enterprise Contract checks may fail unexpectedly
• Manual updates are easy to forget and time-consuming

Proposed Solution

Create a periodic Prow job that:

1. 1. Runs on schedule (daily)
   2. Runs the script in dry mode
   3. Creates a Jira ticket for the prow jira:solve, pointing at the script to perform the update.
   4. When there are possible upgrades, it should instruct in the ticket to look at the upgrade scripts (as the previous claude command did)

Acceptance Criteria

• [ ] Periodic Prow job is configured and running
• [ ] Job checks for task bundle updates on schedule
• [ ] PRs are automatically created when updates are available
• [ ] Team is notified of available updates
• [ ] Documentation is updated with the automation process