
Simplify goreleaser implementation

Currently we use a dind service to run goreleaser, but with code signing introduced in !2386 (merged) this makes things a bit more complicated because we launch the registry.gitlab.com/gitlab-com/gl-infra/common-ci-tasks-images/code-signer image within the goreleaser Docker image.

The code-signer image needs the OIDC credentials and other secrets to work. Because of this dind business we need to ensure these variables are passed all the way down from the job container through multiple Docker containers.

It would be simpler to build a single image that has:

  • Go compiler
  • C/C++ compiler
  • Goreleaser
  • code-signer bits

For the code-signer image, we probably need some easy way for dependent images to pull in all the scripts, binaries, certs, etc.
