Ensure generated archives are deterministic

[edmorley]

Previously each request to cnb-shim for the same buildpack would result in a tarfile with varying contents even if the underlying buildpack hadn't changed.

This was due to:

• the dynamically generated parts of the shimmed buildpack having "now" timestamps
• the archive containing the user ID of the current dyno, which varies between dynos (and requests to cnb-shim can hit any of its web dynos, plus dynos are cycled every 24 hours).

With the changes here, repeat requests now result in an identical archive, so long as the buildpack or shim scripts haven't changed.

This helps reduce layer churn in builder images containing shimmed buildpacks, such as our new heroku/builder-classic:22 builder, or the older heroku/buildpacks:{18,22} builders.

The new tar arguments are based on those recommended here: https://reproducible-builds.org/docs/archives/

GUS-W-11277378.

[edmorley]

Example differences (prior to this PR) between archives generated from separate requests to https://cnb-shim.herokuapp.com/v1/heroku/python?version=0.0.0&name=Python:

(comparison generated using https://diffoscope.org)

[edmorley]

This + #46 deployed to production, and a heroku/builder CI run kicked off to confirm all still working: https://app.circleci.com/pipelines/github/heroku/builder/1885/workflows/727394fd-f999-4cbc-aa2e-f014ea521c93

(I'd already tested these changes briefly prior to opening the PRs, but not to the extent that the builder CI run will)

[edmorley]

Also:

$ curl -sSf 'https://cnb-shim.herokuapp.com/v1/heroku/python?version=0.0.0&name=Python' -o shimmed-python1.tar.gz
$ curl -sSf 'https://cnb-shim.herokuapp.com/v1/heroku/python?version=0.0.0&name=Python' -o shimmed-python2.tar.gz
$ sha256sum shimmed-python*
0d7fb01139bc02e9ab26c7d443a5b1c7eafa88b662e8518626e3b1c41e56e5d7  shimmed-python1.tar.gz
0d7fb01139bc02e9ab26c7d443a5b1c7eafa88b662e8518626e3b1c41e56e5d7  shimmed-python2.tar.gz