feat(container): auto-inject OCI image-metadata build-args

Summary

Adds three auto-injected `--build-arg` flags to the `container` component's `buildah build` invocation, sourced from CI predefined variables. Consumers gain chain-of-custody OCI labels (`image.version` / `.revision` / `.created`) without any per-project `.gitlab-ci.yml` plumbing.

What changes

  • `templates/container/template.yml`: 3 `--build-arg` lines added to the existing `buildah build` invocation, with a comment block explaining the contract. Caller-supplied build-args continue to flow through unchanged.
  • `templates/container/README.md`: documents the auto-injection and the recommended consumer Dockerfile pattern.
  • `CHANGELOG.md`: Unreleased entry under `### Added`.

Backward compatibility

Fully additive. Dockerfiles that don't declare matching `ARG` lines see no effect; Docker emits an unused-build-arg warning, not a failure. The component's existing `build_args` input still works the same way.

Pairs with

Forthcoming `container-image` standard in reference, which codifies the static OCI label set Public Sector projects ship (`title` / `description` / `licenses` / `vendor="GitLab"` / `source` / `authors` / `base.name`). This MR is the plumbing-side half; the reference standard is the convention-side half.

Test plan

  • CI green
  • kaniko (the most prolific catalog consumer) adopted in a follow-up MR: declares the three ARGs, the three labels, and we verify via `docker inspect` that the values populate from a tag pipeline run.
  • Confirm Docker's unused-build-arg warning is just a warning (not a failure) on consumers that don't declare the ARGs. Backstop: any project currently consuming the container component on this branch -- the CI run on this MR exercises it indirectly.

Followups

  • Tag a `v3.1.0` after merge so consumers can pin to the version that carries the auto-injection.
  • Reference `container-image` standard.
  • Estate sweep: apply the consumer-side pattern to kaniko first, then postern / tach / manifold / serviceping-archive / p1-vp-generator.
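The `docker inspect` verification named in the test plan can be scripted. The following is an added example, not part of this MR or the component's code: `check_labels` and the sample data are hypothetical, the full `org.opencontainers.image.*` keys are the OCI image-spec names for the labels abbreviated above, and the revision check assumes the injected value is a full git commit SHA.

```python
import json
import re
from datetime import datetime

# OCI image-spec annotation prefix; the MR abbreviates the keys as
# image.version / .revision / .created.
PREFIX = "org.opencontainers.image."
REQUIRED = ("version", "revision", "created")

# Constructed sample of `docker inspect <image>` output; all values are illustrative.
SAMPLE_INSPECT = json.dumps([{
    "Id": "sha256:placeholder",
    "Config": {"Labels": {
        PREFIX + "version": "v3.1.0",
        PREFIX + "revision": "0123456789abcdef0123456789abcdef01234567",
        PREFIX + "created": "2024-01-01T00:00:00Z",
        PREFIX + "vendor": "GitLab",
    }},
}])


def check_labels(inspect_json):
    """Return a list of problems found in the image's chain-of-custody labels."""
    config = json.loads(inspect_json)[0].get("Config") or {}
    labels = config.get("Labels") or {}
    problems = []
    for name in REQUIRED:
        value = labels.get(PREFIX + name)
        if value is None:
            problems.append(f"{name}: label missing (no LABEL line in Dockerfile?)")
        elif not value.strip():
            # ARG declared but no build-arg supplied: the LABEL expands to "".
            problems.append(f"{name}: label empty (build-arg not injected?)")
    rev = labels.get(PREFIX + "revision", "")
    # Assumption: revision carries a full git SHA (SHA-1 or SHA-256 object id).
    if rev.strip() and not re.fullmatch(r"[0-9a-f]{40}|[0-9a-f]{64}", rev):
        problems.append("revision: not a full git commit SHA")
    created = labels.get(PREFIX + "created", "")
    if created.strip():
        try:
            # datetime.fromisoformat before Python 3.11 rejects a trailing "Z".
            datetime.fromisoformat(created.replace("Z", "+00:00"))
        except ValueError:
            problems.append("created: not an RFC 3339 timestamp")
    return problems


if __name__ == "__main__":
    print(check_labels(SAMPLE_INSPECT) or "ok")
```

An empty label is reported separately from a missing one because it separates a Dockerfile that declares the `ARG` but was built without the injected value from one that never adopted the pattern.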
