fix(ci): gate :latest Docker tag to non-beta builds

The shared publish_docker_image.yml template was copied into both
public repos by sync-releases — evolution-go (stable) and
evolution-go-beta. Every beta build pushed both :X.Y.Z-beta AND
:latest to evoapicloud/evolution-go, overwriting the stable :latest
with obfuscated beta code. Anyone doing `docker pull evolution-go:latest`
between the last beta push and the next stable release was getting
beta code in production.

Two changes:
1. Tag :latest only when VERSION does not contain "-beta" (via
   docker/metadata-action enable= condition). Beta builds keep
   pushing :X.Y.Z-beta; stable builds keep pushing :X.Y.Z + :latest.
2. Drop the `tags: ["*.*.*"]` trigger. sync-releases pushes the
   branch commit AND the tag simultaneously, which caused a duplicate
   build per release. The `branches: [main]` trigger alone covers it.

This template reaches both public repos on the next sync, so both
evolution-go and evolution-go-beta will pick up the fix. Recovery of
the currently-contaminated :latest happens automatically on the next
stable release push (develop→main merge for v0.7.1).

Author: DavidsonGomes

tools/build-dist/templates/.github/workflows/publish_docker_image.yml

@@ -4,8 +4,6 @@ on:
   push:
     branches:
       - main
-    tags:
-      - "*.*.*"
 
 jobs:
   build_deploy:
@@ -31,7 +29,7 @@ jobs:
           images: evoapicloud/evolution-go
           tags: |
             type=raw,value=${{ steps.version.outputs.version }}
-            type=raw,value=latest
+            type=raw,value=latest,enable=${{ !contains(steps.version.outputs.version, '-beta') }}
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3