[docs/integration/docker] add sha pinning tip (#10955)

<!--
Thank you for contributing to uv! To help us out with reviewing, please
consider the following:

- Does this pull request include a summary of the change? (See below.)
- Does this pull request include a descriptive title?
- Does this pull request include references to any relevant issues?
-->

## Summary

<!-- What's the purpose of the change? What does it do, and why? -->

As requested in https://github.com/astral-sh/uv/issues/6565, this adds a
tip discussing the ability to pin the image to a specific SHA digest and
why it may be useful.

## Test Plan

<!-- How was it tested? -->

Start serving the documentation locally

```shell
uvx --with-requirements docs/requirements.txt -- mkdocs serve -f mkdocs.public.yml
```

Then navigate to http://127.0.0.1:8000/uv/guides/integration/docker/ to
see the tool tip being rendered properly

---------

Co-authored-by: Zanie Blue <contact@zanie.dev>

docs/guides/integration/docker.md

@@ -110,6 +110,18 @@ In either case, it is best practice to pin to a specific uv version, e.g., with:
 COPY --from=ghcr.io/astral-sh/uv:0.5.24 /uv /uvx /bin/
 ```
 
+!!! tip
+
+    While the Dockerfile example above pins to a specific tag, it's also
+    possible to pin a specific SHA256. Pinning a specific SHA256 is considered
+    best practice in environments that require reproducible builds as tags can
+    be moved across different commit SHAs.
+
+    ```Dockerfile
+    # e.g., using a hash from a previous release
+    COPY --from=ghcr.io/astral-sh/uv@sha256:2381d6aa60c326b71fd40023f921a0a3b8f91b14d5db6b90402e65a635053709 /uv /uvx /bin/
+    ```
+
 Or, with the installer:
 
 ```dockerfile