WIP: use ko to build images #203

@imjasonh imjasonh commented Jan 20, 2023

This is a proof-of-concept of building images with ko instead of docker, as mentioned here: #191 (comment)

This updates the dev and release GCB configs to use ko, to produce functionally equivalent images. You can find them here: https://console.cloud.google.com/gcr/images/jason-chainguard-public/GLOBAL/secrets-store-csi-driver-provider-gcp

The image is multi-arch, supporting linux/amd64 and linux/arm64, as at head. The image has licenses saved and included in the image, as at head.

The image comes with an SBOM, listing the Go modules it depends on:

$ cosign download sbom gcr.io/jason-chainguard-public/secrets-store-csi-driver-provider-gcp@sha256:cdd70fad5d45bf603d084dc882c036a68964d171f0ed9b709de6a1d7c3151daa --platform=linux/arm64 | jq -r '.packages[].name'
...
cloud.google.com/go/compute
cloud.google.com/go/iam
cloud.google.com/go/secretmanager
github.com/PuerkitoBio/purell
github.com/PuerkitoBio/urlesc
github.com/beorn7/perks
github.com/cespare/xxhash/v2
github.com/davecgh/go-spew
github.com/emicklei/go-restful/v3
...

This change also updates the git image used during release from gcr.io/cloud-builders/git (1.4 GB, 391 vulnerabilities according to Grype) to cgr.dev/chainguard/git (14 MB, 0 vulns)

I didn't update any of the e2e test infra, which still uses a Dockerfile and docker build -- let me know if you'd like me to do that as well, it seemed less important than switching the release process.

Also, feel free to close this if you'd rather not switch, I won't take it personally. 😆
