Migrate provisioner workflow to ops-gitlab-net

This issue is broken out from #243 (closed) due to the increasing scope.

Having provisioner run in ops.gitlab.net would let it expand its scope of responsibilities to provisioning GCP projects of runway services which could be mission-critical to gitlab.com, e.g. Cells Topology service.

Action items

Phase 1: Get provisioner project up in ops; pipeline to run in gitlab-com

• Create runway group in ops.gitlab.net using infra-mgmt
• Create provisioner project using infra-mgmt
• Update provisioner's .gitlab-ci.yml to not run build/deploy/release/renovate-bot stages in the ops environment until tf state is migrated.
• Set up push-mirror. gitlab.com mirrors to ops.gitlab.net, all user-facing work to be done on gitlab.com's provisioner project (https://gitlab.com/gitlab-com/gl-infra/infra-mgmt/-/merge_requests/814)

Phase 2: Pipeline to run in ops-gitlab-net

• Create gcs bucket for storing tf state - https://ops.gitlab.net/gitlab-com/gl-infra/config-mgmt/-/merge_requests/8590
• Migrate terraform state to GCS bucket as part of a change management issue.
• integrate woodhouse into provisioner for checking on mirror and notifying canonical
• Update .gitlab-ci.yml post-migration to perform terraform operations in ops only.

Closing summary

The default branch pipeline in ops now runs the full pipeline (except pages): https://ops.gitlab.net/gitlab-com/gl-infra/platform/runway/provisioner/-/jobs/14513602.

terraform plan will be carried out on canonical MR and ops default branches.

Manual sync can be used if mirroring delays which happens occasionally.