When installing Docker binary images, I wonder if there are reproducible builds and how I should know who I should trust. This would be something Socket.dev could address.