Hermetic build of cachi2 image using Docker multi-stage building

[eskultety]

Draft PR on a what is to become a hermetic build of cachi2 itself based on the multi-stage Dockerfile feature where we copy over the most problematic bits we could not fetch in a convenient way otherwise: Go SDKs, NodeJS's corepack and Yarn.

Maintainers will complete the following section

• [ ] Commit messages are descriptive enough
• [ ] Code coverage from testing does not decrease and new code is covered
• [ ] Docs updated (if applicable)
• [ ] Docs links in the code are still valid (if docs were updated)

Note: if the contribution is external (not from an organization member), the CI pipeline will not run automatically. After verifying that the CI is safe to run:

• approve GitHub Actions workflows by clicking a button
• approve the Red Hat Trusted App Pipeline container build by commenting /ok-to-test (as is the standard for Pipelines as Code)

[eskultety]

Latest changes:

• rebased on top of #528
• add full image registry ref for the COPY --from lines
• dropped the commit which drops the reflink dependency (to make unit tests pass)
• add signoff to all commits
• refine patches

Note that this PR will remain in a draft for a while and the latest revision won't likely build hermetically due to reflink, I just want to see if the CI is going to be happy with the changes to progress further from there. Nevertheless, comments are always welcome!

[eskultety]

Some of the work was split into individual PRs - see also:

• 528

• 544

[eskultety]

With #528 and #544 merged to main, the remaining bit here is the RPM dependency prefetch support we could start relying on. Until then, closing this PR for the time being.