How can you ensure that only container images successfully built by your trusted CI/CD pipeline are deployed to production in your Google Kubernetes Engine (GKE) clusters?