To ensure that only images built by your trusted CI/CD pipeline are deployed to your Google Kubernetes Engine (GKE) clusters in production, what measures should you implement?