Implement "drop install"

[puerco]

This pull request introduces a new release workflow, adds security and lifecycle metadata, updates dependencies, and significantly improves the user experience and flexibility of the install command. The most important changes are grouped below.

1. New Release Workflow and Metadata

• Adds a comprehensive GitHub Actions workflow (.github/workflows/continous.yaml) for releases, which automates building, verifying, generating attestations, and archiving artifacts. It includes steps for SBOM, security insights, MFA, organization, branch rules, repository attestations, vulnerability scanning, and policy verification.
• Introduces .openeox.json and SECURITY-INSIGHTS.yml files to provide project lifecycle, security support, and administrative metadata, improving compliance and transparency. [1] [2]

2. Dependency Updates

• Updates go.mod to add and update several dependencies, notably the charmbracelet/huh package and related UI and terminal libraries, which enable improved interactive CLI features. [1] [2] [3] [4] [5] [6] [7]

3. Enhanced Install Command Functionality and UX

• Refactors and extends the install command (internal/cmd/install.go):
  • Adds new flags for policy repository, timeout, quiet mode, insecure mode, install type, and binary directory.
  • Provides detailed help text and usage instructions, including how artifact selection works.
  • Validates user input more robustly, including artifact type, timeout, and binary directory.
  • Integrates a new interactive artifact selector using the charmbracelet/huh package, allowing users to choose between binary and package installs via a prompt when running interactively.
  • Supports non-interactive and scriptable installs via the --type flag and quiet mode. [1] [2]

4. Improved Progress and Event Notifications

• Updates the notifier to handle new install-related events, providing clear, user-friendly CLI output for installation progress, including sudo usage, installation type, and success messages.

5. Internal Implementation Improvements

• Ensures the default implementation of the dropper uses a specific runner for executing installation commands, improving extensibility and reliability. [1] [2]

These changes collectively provide a more robust, user-friendly, and secure installation process, while also improving project metadata and release automation.

[puerco]

/override

[miniprow]

@puerco: override applied. Note: warning: cannot verify branch protection settings (the app lacks admin permission). If enforce_admins is enabled and a non-required check is failing, the merge will still be rejected by GitHub.