[BRE-2039] ci(docker): add distroless FIPS Dockerfile.gov variants #7875

Draft
fntyler wants to merge 1 commit into main from bre-2039/chainguard-commericial-dockerfile

Conversation

fntyler (Contributor) commented Jun 26, 2026
🎟️ Tracking

[BRE-2039](https://bitwarden.atlassian.net/browse/BRE-2039)

📔 Objective

Add Chainguard FIPS (`Dockerfile.gov`) build variants for the server services.

* Add `Dockerfile.gov` for all services on `cgr.dev/bitwarden.com` FIPS images
* Run services distroless on `dotnet-runtime-fips:10` as nonroot (uid 65532)
* Replace `entrypoint.sh` with a direct exec entrypoint; log to stdout
* Drop `gosu`/`shadow`/`curl`/`krb5` and in-image healthchecks (k8s probes)
* Target `linux/amd64` and `linux/arm64` with a fail-fast platform guard
* Keep `MsSqlMigratorUtility` on `dotnet-runtime-fips:10-dev` (shell entrypoint)
* Add the `build-chainguard` CI job and document the rework in the assessment

📸 Screenshots
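The description above lists the properties of the new `Dockerfile.gov` variants without showing one. The sketch below is an added illustration, not the PR's own Dockerfile, of how those properties fit together in a two-stage build: a fail-fast guard on `TARGETPLATFORM` that only admits `linux/amd64` and `linux/arm64`, a distroless `dotnet-runtime-fips:10` runtime stage running as uid 65532, an exec-form `ENTRYPOINT` in place of `entrypoint.sh`, and no in-image `HEALTHCHECK`. The SDK image name, the `ExampleService` project path and DLL name are assumptions for the example; only `cgr.dev/bitwarden.com` and `dotnet-runtime-fips:10` come from the PR.

```dockerfile
# syntax=docker/dockerfile:1
# Illustrative Dockerfile.gov for a single service (added example, not the PR's
# code). ASSUMED, not from the PR: the SDK image name, the ExampleService
# project layout and the published DLL name.
ARG SDK_IMAGE=cgr.dev/bitwarden.com/dotnet-sdk-fips:10           # assumed image name
ARG RUNTIME_IMAGE=cgr.dev/bitwarden.com/dotnet-runtime-fips:10   # image named in the PR

# ---- build stage: runs on the build host's platform and has a shell ----
FROM --platform=$BUILDPLATFORM ${SDK_IMAGE} AS build
# BuildKit populates TARGETPLATFORM/TARGETARCH per platform when invoked as
#   docker buildx build --platform linux/amd64,linux/arm64 -f Dockerfile.gov .
ARG TARGETPLATFORM
ARG TARGETARCH

# Fail-fast platform guard: refuse anything but the two supported targets before
# any restore/publish work happens. It has to live in a stage that has a shell;
# the distroless runtime stage below has none, so a RUN there would not work.
RUN case "$TARGETPLATFORM" in \
      linux/amd64|linux/arm64) echo "building for $TARGETPLATFORM" ;; \
      *) echo "unsupported platform: $TARGETPLATFORM" >&2; exit 1 ;; \
    esac

WORKDIR /src
COPY . .
# Map the Docker arch name to a .NET runtime identifier and publish a
# framework-dependent build; the FIPS runtime image supplies the runtime.
RUN case "$TARGETARCH" in \
      amd64) RID=linux-x64 ;; \
      arm64) RID=linux-arm64 ;; \
    esac \
    && dotnet publish src/ExampleService/ExampleService.csproj \
         -c Release -r "$RID" --self-contained false -o /app

# ---- runtime stage: distroless FIPS runtime, nonroot, no shell ----
FROM ${RUNTIME_IMAGE} AS runtime
WORKDIR /app
# Chainguard images ship a nonroot user with uid/gid 65532. Ownership is set at
# copy time because there is no chown binary to run afterwards.
COPY --from=build --chown=65532:65532 /app /app
USER 65532:65532

# Deliberately absent: HEALTHCHECK, curl, gosu, an entrypoint.sh. Liveness and
# readiness are Kubernetes probes; console logging already goes to stdout.

# Exec form: dotnet is PID 1, receives SIGTERM directly, and no shell is spawned.
ENTRYPOINT ["dotnet", "ExampleService.dll"]
```

Two consequences of this shape worth checking when porting a service: anything the old `entrypoint.sh` did at startup (file permissions, templating config, waiting on a database) has to move into the build stage, the application, or an init container, since the runtime stage cannot run scripts; and because the process is unprivileged, the service must listen on a port above 1023 unless the deployment grants `CAP_NET_BIND_SERVICE`.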

codecov Bot commented Jun 26, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 61.21%. Comparing base (eec4ece) to head (522cdcb).
⚠️ Report is 13 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #7875      +/-   ##
==========================================
+ Coverage   61.20%   61.21%   +0.01%     
==========================================
  Files        2214     2219       +5     
  Lines       98033    98052      +19     
  Branches     8848     8846       -2     
==========================================
+ Hits        59997    60019      +22     
+ Misses      35921    35918       -3     
  Partials     2115     2115              

☔ View full report in Codecov by Harness.