UNCLASSIFIED - NO CUI

pipeline1 - bridge to no-poetry, slim image, faster manifest.sh

Chad Geary requested to merge pipeline1-oscap-manifest into master

this change provides a bridged pathway between poetry-based pipeline-runner and non-poetry-based pipeline-runner, plus a few small accouterments.

tests:

3 new CICD vars:

  • PIPELINE_IMAGE sets the image used by the CICD pipeline
    • default: registry1.dso.mil/ironbank-apps/ironbank-pipelines/pipeline-runner:0.12.0
  • ENABLE_BUILTIN uses the ironbank-pipeline and ironbank-modules built in to the pipeline-runner image
    • default: ""
  • ENABLE_TAR enables the create-tar CICD job
    • default: true

overview of new image:

  • drops poetry
  • no longer includes scanner tars (debian.tar, suse.tar) used by oscap
  • drops awscli
  • adds crane
  • smaller (~500MiB)

pipeline modifications to support the above:

  • setup/setup and .setup_modules scripts now support three "modes": builtin, poetry, or ref
    • builtin (ENABLE_BUILTIN) uses the ironbank-modules and ironbank-pipeline installed at pipeline-runner build
    • poetry uses the TARGET_BRANCH and MODULES_TAG when poetry is present
    • ref uses the TARGET_BRANCH and MODULES_TAG when poetry is not present
  • oscap_scan.sh pulls ib-oscap-debian/suse via registry when needed (<100 images)
  • oscap_scan.sh for downloading oscap ovals: awscli if present, otherwise boto3
  • manifest.sh for manifest-list digest sha lookup: crane if present, otherwise podman pulls the image
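The mode selection for setup/.setup_modules and the crane-or-podman digest lookup in manifest.sh, sketched as an added example. This is not the project's own script code: the function names (select_mode, detect_mode, manifest_digest, valid_digest) and the podman inspect fallback are assumptions, and only ENABLE_BUILTIN, TARGET_BRANCH and MODULES_TAG come from the description above.

```bash
#!/usr/bin/env bash
# Added example (not the project's setup or manifest.sh): the three-mode
# selection described in the MR and a crane-first digest lookup with a
# podman fallback. Function names are assumed for illustration.
set -euo pipefail

# select_mode ENABLE_BUILTIN_VALUE HAVE_POETRY(0|1)
# Prints one of: builtin, poetry, ref
select_mode() {
  local enable_builtin="$1" have_poetry="$2"
  if [ -n "$enable_builtin" ]; then
    echo builtin   # modules/pipeline baked in at pipeline-runner build time
  elif [ "$have_poetry" = "1" ]; then
    echo poetry    # poetry present: install TARGET_BRANCH / MODULES_TAG via poetry
  else
    echo ref       # no poetry: check out TARGET_BRANCH / MODULES_TAG directly
  fi
}

# Detect poetry on PATH the way a setup script would, then pick the mode.
detect_mode() {
  local have_poetry=0
  command -v poetry >/dev/null 2>&1 && have_poetry=1
  select_mode "${ENABLE_BUILTIN:-}" "$have_poetry"
}

# manifest_digest IMAGE
# crane returns the digest of whatever the tag points at (the manifest list
# for multi-arch tags). The podman fallback pulls the image and reports the
# digest of the manifest it resolved, which for multi-arch tags may be the
# platform-specific manifest rather than the list, so crane is preferred.
manifest_digest() {
  local image="$1"
  if command -v crane >/dev/null 2>&1; then
    crane digest "$image"
  else
    podman pull -q "$image" >/dev/null
    podman image inspect --format '{{.Digest}}' "$image"
  fi
}

# valid_digest DIGEST
# Refuse to write anything into a manifest that is not sha256:<64 hex>,
# so a tool error message can never be recorded as a pin.
valid_digest() {
  printf '%s' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# Usage (assumed image name, constructed for the example):
#   digest="$(manifest_digest registry1.dso.mil/example/image:tag)"
#   valid_digest "$digest" || { echo "bad digest: $digest" >&2; exit 1; }
```

The digest check matters because the value ends up pinning the image in the manifest: a failed pull that prints an error to stdout would otherwise be stored as if it were a digest.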

cicd:

  • add release stage
Edited by Chad Geary