docs(adr): add ADR-006 container image pinning policy#775

Merged
mchmarny merged 3 commits into
mainfrom
feat/adr-image-pinning-policy
May 6, 2026
Conversation

@mchmarny mchmarny commented May 6, 2026

Summary

Closes #740. Adds ADR-006 setting the three-layer container image pinning policy for AICR. Mostly writing — no code changes. Unblocks the rest of the #739 supply-chain epic.

Refs #739, #748, #749, #745.

Type of Change

  • Documentation update

Component(s) Affected

  • Docs (docs/design/006-image-pinning-policy.md)

Implementation Notes

Three-layer policy:

  1. Pin chart versions for every Helm component, no exceptions. Enforced via make bom BOM_STRICT=1 in make qualify (lands incrementally with Pin chart versions for all components in recipes/registry.yaml #748).
  2. Digest-pin every image AICR overrides explicitly in-tree (the ~25-image surface today; lands incrementally with Digest-pin explicit image references in recipes #749).
  3. Do NOT pin chart-default sub-images in-tree. Reproducibility for those is delivered by admission-time digest verification (Supply-chain provenance audit per component #745), not by per-sub-image override matrices that would block upstream security patches behind AICR releases.

Why this shape. The trade-off looks different at each layer:

| Layer | Pin? | Cost of pinning | Cost of not pinning |
|---|---|---|---|
| Chart version | yes | tiny — Renovate-driven bumps | render drift, no audit baseline |
| Explicit in-tree override | yes, digest | small — Renovate handles rotation | tag-rebuild silently changes deployed bytes |
| Chart-default sub-image | no in-tree | very high — per-sub-image override matrix per chart | residual drift; mitigated by chart-version pin + Stage 3 admission verification |

Renovate is the durable maintenance mechanism — already in place under PR #737. Patches flow as normal CI'd PRs.

Contract for new components. The ADR defines what a new helm component PR must satisfy: defaultVersion set, digest pin any image overrides, document regional/account-scoped registry overrides per the aws-efa precedent from PR #774.

No ## Status section — per project ADR convention this document covers the decision and trade-offs, not progress. Adoption sequencing is at the end as a forward-looking plan that #748 / #749 / #745 land incrementally.

Testing

unset GITLAB_TOKEN && make qualify
# Codebase qualification completed

ADRs live under docs/design/ and are explicitly excluded from the VitePress sidebar check (tools/check-docs-sidebar), so no sidebar update needed.

Risk Assessment

  • Low — Pure documentation. Sets policy; doesn't touch code. Easy to revert or supersede.

Rollout notes: Future PRs that bump chart versions or add new components are expected to follow the contract in this ADR. Enforcement (CI gates) lands incrementally with #748 and #749.

Checklist

  • Tests pass locally (make test with -race)
  • Linter passes (make lint)
  • I did not skip/disable tests to make CI green
  • I added/updated tests for new functionality (n/a — docs)
  • I updated docs if user-facing behavior changed (the doc itself is the change)
  • Changes follow existing patterns in the codebase (matches the numbered ADR convention in docs/design/)
  • Commits are cryptographically signed (git commit -S)

Closes #740. Sets the three-layer pinning policy that unblocks Phase B
of #748 (NVIDIA-owned chart-version pins) and sequences #749 (digest
pinning for explicit in-tree overrides) and #745 (admission-time
verification for chart-default sub-images).

Policy in brief:

1. Pin chart versions for every Helm component, no exceptions.
   recipes/registry.yaml MUST declare defaultVersion; enforced via
   `make bom BOM_STRICT=1` in qualify.
2. Digest-pin every image AICR overrides explicitly in-tree (the
   ~25-image surface today).
3. Do NOT pin chart-default sub-images in-tree. Reproducibility for
   those is delivered by admission-time digest verification (#745),
   not by per-sub-image override matrices that would block upstream
   security patches behind AICR releases.

Renovate (already in place under #737) is the durable maintenance
mechanism: it auto-opens PRs for chart-version bumps and digest
rotations under the same tag, so patches still flow as normal CI'd
PRs.

The ADR also defines the contract new helm components must satisfy:
defaultVersion required, digest-pin any image overrides, document
regional/account-scoped registry overrides per the aws-efa precedent
(PR #774).

Per project ADR convention, this document covers the decision and its
trade-offs, not implementation progress — adoption sequencing is
captured at the end as a forward-looking plan that #748/#749/#745 land
incrementally.
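A CI-side lint for the new-component contract described above (layer 1: defaultVersion required; layer 2: every explicit in-tree image override digest-pinned; layer 3: chart-default sub-images deliberately out of scope), as an added Python example. This is not AICR's own code, and the registry.yaml-like schema it walks (components -> defaultVersion + images) is an assumption; the sample registry is constructed.

```python
"""Pinning-policy lint (hypothetical example, not AICR's code).

ASSUMED schema for recipes/registry.yaml after loading:
  {"components": {<name>: {"defaultVersion": str, "images": {<key>: <ref>}}}}
The real file may differ; adapt check_component() to its layout.
"""
import re
from typing import Dict, List

# OCI reference pinned by digest: [registry[:port]/]repo[:tag]@sha256:<64 hex>
DIGEST_RE = re.compile(
    r"^[^@:]+(?::[0-9]+)?(?:/[^@:]+)*"      # registry[:port]/repo path
    r"(?::[\w][\w.-]{0,127})?"              # optional tag (ignored by pullers)
    r"@sha256:[0-9a-f]{64}$"                # mandatory digest
)


def is_digest_pinned(ref: str) -> bool:
    """True only if the image reference carries a sha256 digest."""
    return DIGEST_RE.match(ref) is not None


def check_component(name: str, comp: Dict) -> List[str]:
    """Return policy findings for one Helm component entry."""
    findings: List[str] = []
    # Layer 1: every Helm component MUST declare defaultVersion.
    if not comp.get("defaultVersion"):
        findings.append(f"{name}: missing defaultVersion (layer 1)")
    # Layer 2: every explicit in-tree image override MUST be digest-pinned;
    # a tag-only reference can be silently rebuilt upstream.
    for key, ref in (comp.get("images") or {}).items():
        if not is_digest_pinned(ref):
            findings.append(f"{name}: image override {key!r} not digest-pinned: {ref} (layer 2)")
    # Layer 3: chart-default sub-images are intentionally absent from this
    # file; admission-time digest verification covers them, so nothing to lint.
    return findings


def check_registry(registry: Dict) -> List[str]:
    """Run the contract over every component; empty list means compliant."""
    out: List[str] = []
    for name, comp in registry.get("components", {}).items():
        out.extend(check_component(name, comp))
    return out


SAMPLE_REGISTRY = {  # constructed sample; digests/registries are placeholders
    "components": {
        "gpu-operator": {"defaultVersion": "vX.Y.Z",
                         "images": {"driver": "registry.example/nvidia/driver:tag@sha256:" + "a" * 64}},
        "aws-efa": {"images": {"plugin": "account.dkr.ecr.region.example/efa-plugin:vX.Y"}},
    }
}
```

Wire the findings into `make qualify` to fail the build on any non-empty result.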
github-actions Bot commented May 6, 2026

@mchmarny mchmarny self-assigned this May 6, 2026
github-actions Bot commented May 6, 2026

Coverage Report ✅

| Metric | Value |
|---|---|
| Coverage | 75.1% |
| Threshold | 70% |
| Status | Pass |

No Go source files changed in this PR.

@mchmarny mchmarny requested review from dims, lockwobr, njhensley and xdu31 May 6, 2026 11:34

@dims dims left a comment


LGTM


@iamkhaledh iamkhaledh left a comment


LGTM

@mchmarny mchmarny enabled auto-merge (squash) May 6, 2026 15:27
@mchmarny mchmarny merged commit 5e82155 into main May 6, 2026
36 checks passed
@mchmarny mchmarny deleted the feat/adr-image-pinning-policy branch May 6, 2026 15:31

xdu31 commented May 6, 2026

LGTM

Development

Successfully merging this pull request may close these issues.

Decide pinning policy for high-implicit-surface components

6 participants