fix: add actions:write permission for SBOM artifact upload

Reusable workflows need actions:write to upload artifacts.
Also simplified artifact name to avoid potential character issues.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: samuelho-dev

.github/workflows/docker-build-push.yml

@@ -90,6 +90,7 @@ permissions:
   packages: write
   id-token: write
   security-events: write
+  actions: write  # Required for artifact upload in SBOM generation
 
 jobs:
   build:
@@ -200,7 +201,7 @@ jobs:
           image: ${{ inputs.registry }}/${{ github.repository_owner }}/${{ inputs.image }}@${{ steps.build.outputs.digest }}
           format: 'spdx-json'
           output-file: 'sbom.spdx.json'
-          artifact-name: ${{ inputs.image }}-sbom.spdx.json
+          artifact-name: sbom-${{ inputs.image }}
           upload-artifact: true
           upload-release-assets: false