Scan-logic | Update csv-output, check-cves, documentation, harbor, and s3 stages

• Add scan-logic as stage dependency to access env file

• Update csv-output, check-cves, documentation stages

  • verify correct digest and timestamps are being referenced

• Update harbor stage

  • skip uploading to harbor (old image is already there)
  • still need to run the stage though
  • will need to upload attestations (VAT response may include new findings even if digest has not changed)

• Update S3 stage

  • "documentation" generation should reference the old or new image metadata as appropriate
  • still need to upload new scans to S3

• Update unit tests as necessary

Note:

Make sure the correct (old or new) digest is used when appropriate. Also, any timestamps: use the original build timestamp when appropriate.

During development, set FORCE_SCAN_NEW_IMAGE=true at the dsop/ group level. This allows us to incrementally merge code into ironbank-pipeline without breaking the pipeline or requiring one very large MR.