ci(buildkit-poc): rootless buildkitd on SaaS runner

Andrew Dunnrequested to merge
sim/buildkit-poc into main

Learning probe. NOT a component.

Asks: does rootlesskit + buildkitd --rootless on the gitlab.com SaaS Linux runner against ci-buildkit produce a signable pushed image?

  • If green → ship a real build-container-buildkit component in a follow-up.
  • If red → read the failure, decide between rootful-only, skip-buildkit, or document the runner requirement.

Marked allow_failure: true so a red result documents the gap without blocking the main pipeline or catalog tag promotion.

Merge request reports