Recently we've seen that Freshmaker is aggressively rebuilding containers in unreleased Erratas.

This results in a disconnect where the images in the errata are NEWER than those in Quay.

Since QE won't test the staging bits because [reasons] and instead base most of their tests on the Quay copies, this means they're not actually testing the images included in the product.

We should update this job
https://codeready-workspaces-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/CRW_CI/view/Releng/job/update-digests-in-registries-and-metadata/

so that it's checking osbs images instead of quay images, and if a disparity is found, the newer CVE fixed image in osbs should be pushed to quay before proceeding.

We should also consider having this job

https://codeready-workspaces-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/CRW_CI/view/Releng/job/push-latest-containers-to-quay/

run on intervals to make sure we're always up to date in Quay when things are triggered via non-Jenkins processes like Freshmaker.