Set a build-time variable to identify the docker container used

Description

I would like a tighter record of the docker container my build job is running inside. Specifically I'd like to be able to know the sha256 image hash and have this value set as an environment variable in my container.

Proposal

A new environment variable CI_JOB_IMAGE_DIGEST to be set to the full image name and sha256 hash returned from docker, eg:

$ docker inspect busybox:latest -f "{{.RepoDigests}}"
[busybox@sha256:1669a6aa7350e1cdd28f972ddad5aceba2912f589f19a090ac75b7083da748db]