Create UBI-based images for CNG

This MR adds new CNG Docker images that are based on for RHEL UBI. It contains numerous changes. The following comments can help to review them faster:

• A new image, named gitlab-ubi-build, is added. It contains any build tool and compile-time dependency that is needed for building other images. This image always tagged latest and you must only use this tag.
• A new Dockerfile, named Dockerfile.ubi, is added to 17 out of 19 existing images. This Dockerfile contains UBI specific build instructions.
• The images that don't have UBI version are alpine-certificates and cfssl-self-sign.
• At the moment we use UBI8 as the base image. All images accept UBI_IMAGE as a build argument. By default it is set to use registry.access.redhat.com/ubi8/ubi.
• These images are added to the build pipeline. They're not built by default. When UBI_PIPELINE CI variable is set to true the pipeline builds these images. In this mode the pipeline only builds UBI images.
• In UBI build mode, only EE version of Rails-based images are built (CE images are excluded).
• These images can be only built on gitlab.com. They are not part of the release process. Hence, they can be only built from feature branches.
• Utility images, such as gitlab-python, kubectl, postgresql, gitlab-go, and git-base are tagged with their specified version and -ubi extension. The rest of the images are tagged with the branch name and -ubi extension.
• These images extensively use a layering technique which builds binaries in separate images and copies dependencies from other images. For example, when an image requires Ruby or Python it copies it from gitlab-ruby or gitlab-python image. As a result, the base image of some of the UBI-based images are not the same as their non-UBI counterpart, e.g. gitlab-go is not the base image for gitlab-shell or any other image. These images are either based on ubi8 (like gitlab-elasticsearch-indexer) or gitlab-ruby (like gitlab-shell).
• There are a few minor changes to the existing images. These changes are either cosmetic, e.g. directory structure, or applied for the purpose of portability.

For testing you can pull the images:

• registry.gitlab.com/gitlab-org/build/cng/gitlab-ubi-builder:latest
• registry.gitlab.com/gitlab-org/build/cng/kubectl:1.12.10-ubi
• registry.gitlab.com/gitlab-org/build/cng/postgresql:10.9-ubi
• registry.gitlab.com/gitlab-org/build/cng/gitlab-python:3.7.3-ubi
• registry.gitlab.com/gitlab-org/build/cng/gitlab-go:1.12.9-ubi
• registry.gitlab.com/gitlab-org/build/cng/git-base:2.22.0-ubi
• registry.gitlab.com/gitlab-org/build/cng/gitlab-ruby:443-ubi-images-ubi
• registry.gitlab.com/gitlab-org/build/cng/gitlab-exporter:443-ubi-images-ubi
• registry.gitlab.com/gitlab-org/build/cng/gitlab-mailroom:443-ubi-images-ubi
• registry.gitlab.com/gitlab-org/build/cng/gitlab-redis-ha:443-ubi-images-ubi
• registry.gitlab.com/gitlab-org/build/cng/gitlab-shell:443-ubi-images-ubi
• registry.gitlab.com/gitlab-org/build/cng/gitaly:443-ubi-images-ubi
• registry.gitlab.com/gitlab-org/build/cng/gitlab-elasticsearch-indexer:443-ubi-images-ubi
• registry.gitlab.com/gitlab-org/build/cng/gitlab-rails-ee:443-ubi-images-ubi
• registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ee:443-ubi-images-ubi
• registry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ee:443-ubi-images-ubi
• registry.gitlab.com/gitlab-org/build/cng/gitlab-unicorn-ee:443-ubi-images-ubi
• registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee:443-ubi-images-ubi

Closes gitlab-org/distribution/team-tasks#443 (closed)