Backport of VAULT-31402: Add verification for all container images into release/1.18.x

[hc-github-team-secure-vault-core]

Backport

This PR is auto-generated from #28605 to be assessed for backporting due to the inclusion of the label backport/1.18.x.

🚨

Warning automatic cherry-pick of commits failed. If the first commit failed,
you will see a blank no-op commit below. If at least one commit succeeded, you
will see the cherry-picked commits up to, not including, the commit where
the merge conflict occurred.

The person who merged in the original PR is:
@ryancragun
This person should manually cherry-pick the original PR into a new backport PR,
and close this one when the manual backport PR is merged in.

merge conflict error: POST https://api.github.com/repos/hashicorp/vault/merges: 409 Merge conflict []

The below text is copied from the body of the original PR.

---

Description

Add verification for all container images that are generated as part of the build. Before this change we only ever tested a limited subset of "default" containers based on Alpine Linux that we publish via the Docker hub.

Now we support testing all Alpine and UBI based container images. We also verify the repository and tag information embedded in each by deploying them and verifying the repo and tag metadata.

This does change the interface quite a bit. We now take in an archive image and set image/repo/tag information based on the scenario variants.

To enable this I also needed to add tar to the UBI base image. It was already available in the Alpine image and is used to copy utilities to the image when deploying and configuring the cluster via Enos.

Since some images contain multiple tags we also add samples for each image and randomly select which variant to test on a given PR.

TODO only if you're a HashiCorp employee

• Backport Labels: If this PR is in the ENT repo and needs to be backported, backport
  to N, N-1, and N-2, using the backport/ent/x.x.x+ent labels. If this PR is in the CE repo, you should only backport to N, using the backport/x.x.x label, not the enterprise labels.
  • If this fixes a critical security vulnerability or severity 1 bug, it will also need to be backported to the current LTS versions of Vault. To ensure this, use all available enterprise labels.
• ENT Breakage: If this PR either 1) removes a public function OR 2) changes the signature
  of a public function, even if that change is in a CE file, double check that
  applying the patch for this PR to the ENT repo and running tests doesn't
  break any tests. Sometimes ENT only tests rely on public functions in CE
  files.
• Jira: If this change has an associated Jira, it's referenced either
  in the PR description, commit message, or branch name.
• RFC: If this change has an associated RFC, please link it in the description.
• ENT PR: If this change has an associated ENT PR, please link it in the
  description. Also, make sure the changelog is in this PR, not in your ENT PR.

---

Overview of commits

• c8e6169

[hashicorp-cla-app]

All committers have signed the CLA.

[hashicorp-cla-app]

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

---

temp seems not to be a GitHub user.
You need a GitHub account to be able to sign the CLA.
If you have already a GitHub account, please add the email address used for this commit to your account.

_{Have you signed the CLA already but the status is still pending? Recheck it.}

[github-actions]

CI Results:
All Go tests succeeded! ✅

[github-actions]

Build Results:
Build failed for these jobs: test-containers:failure. Please refer to this workflow to learn more: https://github.com/hashicorp/vault/actions/runs/11219759868