See if we can avoid the time-cost of docker load when an identical image already exists in the registry

[anttiharju]

Iteration has to be fast. I'm thinking we can get some kind of 'digest sha' out of the nix build, and use that as ci container image tag. That way we can avoid the expensive operation of docker load.

Currently there is already a setup for comparing the docker container digest shas (which can be left in) but we would really like to avoid the docker load cost if at all possible.

[anttiharju]

I think there be dragons here (referring to latest when no changes potentially breaks things when multiple developers are involved)

[anttiharju]

we could use a "nix container digest" as the tag but I suppose some sort of release-commit integration would be necessary to solve the multiple-developers problem

[anttiharju]

but storing it in a file gets messed with by the actions/checkout creating a "merge commit", so just mandating that PR has to be on latest is potentially enough. It's a hard problem.

[anttiharju]

I think having the "nix container digest" as the tag is worthwhile to attempt

[anttiharju]

This would be a pretty huge win:

2m39s would be reduced down to 1m10s