As your organization migrates to Google Cloud, ensuring that only trusted container images are deployed on Google Kubernetes Engine (GKE) clusters within a project is paramount. These containers should originate from a centrally managed Container Registry and be signed by a trusted authority. What actions should you take? Choose two options: