Allow provenance attestation to be disabled when building the docker image

[AlfonsoUceda]

Would you allow to disable provenance mode as config to pass to the docker buildx build command?

Not sure if people use it but would be nice to have an option to disable it.

In case you want to know more about it: https://docs.docker.com/build/attestations/slsa-provenance/

[kohkimakimoto]

I created a PR to implement the provenance option. Please see #972.

[acidtib]

Turning off provenance may be acceptable for development or internal builds but is typically not recommended for production or widely distributed images where security, auditing, and transparency are critical.