Tags: ChristofferNissen/helmper
## [bug] fix panic in prescan when Trivy reports no OS metadata (#188)

### Summary

This PR fixes a `nil pointer dereference` panic in `prescan` when processing images that do not contain OS metadata (e.g., distroless or scratch-based images such as `quay.io/prometheus/prometheus:v2.48.0`).

### Problem

Previously, `prescan` assumed that `r.Metadata.OS` was always non-nil. When Trivy reports no OS metadata, Helmper panics at runtime: `panic: runtime error: invalid memory address or nil pointer dereference`

### Fix

- Added a nil check for `r.Metadata.OS` in `prescan`.
- If OS metadata is absent, the image is logged and skipped (added to `push`), rather than attempting to evaluate unsupported OS or patch logic.

### Impact

- Helmper will now safely handle distroless/scratch images (or images like `alpine:latest` with 0 OS vulns) and continue processing without crashing.
- Users will see a warning in logs indicating the image could not be patched, instead of a panic.

### Testing

- Verified by:
  - Built new binary (same flags as in `.goreleaser.yaml`)
  - Created full `helmper.yaml` configuration file with prometheus-community chart (5 of the 6 images contain 0 OS vulns).
  - Ran new binary and local Zot OCI registry
- Helmper now logs the warning and continues pushing charts and images without error.
## [feat] add helm plugin config (#182)

This pull request introduces significant updates to the `helmper` project, including the addition of a Helm plugin, installation scripts, and enhancements to the documentation. The changes focus on improving usability, providing installation guidance, and ensuring compatibility with OCI-compliant registries. Below is a breakdown of the most important changes:

### Helm Plugin Addition

* Added `plugin.yaml` to define the Helm plugin, including features like vulnerability scanning, image patching, and artifact signing. It also specifies installation, update, and uninstallation hooks.

### Installation and Uninstallation Scripts

* Added `scripts/install.sh` to automate the installation of the Helm plugin, including checks for prerequisites (`cosign`, `trivy`, and `copa`) and downloading the appropriate binary based on the OS and architecture.
* Added `scripts/uninstall.sh` to cleanly remove the plugin binary and its directory.

### Documentation Enhancements

* Updated `README.md` to include detailed installation and usage instructions for the Helm plugin, along with prerequisites for specific functionalities.
* Reformatted sections in `README.md` for better readability and consistency, such as changing headings for installation instructions.

### Minor Updates

* Added a disclaimer in `README.md` to indicate that `helmper` is in beta and subject to changes.