As a professional tasked with setting up an automated CI/CD pipeline for deploying applications to GKE clusters in a financial organization's production environment, how can you restrict the types and sources of container images used in deployments?