
Fix workhorse fips builds for golang 1.19

DJ Mountney requested to merge workhorse-fix-fips into master

What does this MR do and why?

Adds a new flag to enable the use of the boringcrypto codepath in golang 1.19 (our fips builds use this codebase, patched to use openssl).

This is necessary for any of our go binaries that use the boring module, or the labkit module (which uses the boring module in fips mode).

Also introduced some new build images that come with exiftool already, and switched to using the build images repo for the fips tests so we can test that multiple versions of go are working in fips mode.

How to set up and validate locally

You can use a ubi fips docker image we build for gitaly for testing (you need the fips go version, hence the docker image is likely easiest):

Golang 1.19 fips: registry.gitlab.com/gitlab-org/gitlab-build-images/ubi-8.6-ruby-3.0-golang-1.19-rust-1.65:rubygems-3.4-git-2.36-exiftool-12.60

Golang 1.18 fips: registry.gitlab.com/gitlab-org/gitlab-build-images/ubi-8.6-ruby-3.0-golang-1.18-rust-1.65:rubygems-3.4-git-2.36-exiftool-12.60

  1. Clone and cd into the workhorse directory in this branch
  2. Run export FIPS_MODE=1
  3. Run make test
  4. Locate the built workhorse binary
  5. go tool nm $(BINDIR)/gitlab-workhorse | grep boringcrypto should return output and not error

Both 1.19 and 1.18 should succeed
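Step 5 as a small script with a clear exit status, added here as an example and not part of this MR: the `go tool nm` call and the boringcrypto symbol check are the ones from the steps above, while the function names, exit codes and the sample symbol listings are my own assumptions (the samples are constructed, not captured from a real build).

```shell
#!/bin/sh
# Added example, not part of the MR: turn step 5 of the validation
# procedure into a reusable check with a clear exit status, so a CI job
# can fail when FIPS_MODE=1 did not actually produce a boringcrypto build.

# Classify a `go tool nm` symbol listing read from stdin.
# Prints "fips (...)" and returns 0 when boringcrypto symbols are present,
# prints "plain (...)" and returns 1 otherwise.
classify_nm_output() {
  # grep -c prints 0 and exits 1 when nothing matches; keep the count.
  count=$(grep -c 'boringcrypto' || true)
  if [ "${count:-0}" -gt 0 ]; then
    echo "fips ($count boringcrypto symbols)"
    return 0
  fi
  echo "plain (no boringcrypto symbols)"
  return 1
}

# Check a built binary. Exit 0 if it links boringcrypto, 1 if it does not,
# 2 if go tool nm cannot read it (e.g. not a Go binary or go not installed).
check_fips_binary() {
  bin="$1"
  syms=$(go tool nm "$bin" 2>/dev/null) || return 2
  printf '%s\n' "$syms" | classify_nm_output
}

# Constructed sample listings in `go tool nm` format (illustrative only).
SAMPLE_FIPS='  4a1b20 T crypto/internal/boring._Cfunc__goboringcrypto_AES_set_encrypt_key
  4a1c40 T crypto/internal/boring.newAESCipher
  52c000 T crypto/sha256.New'
SAMPLE_PLAIN='  4a1c40 T crypto/aes.newCipher
  52c000 T crypto/sha256.New'

# Usage: ./check_fips.sh "$BINDIR/gitlab-workhorse"
if [ -n "${1:-}" ]; then
  check_fips_binary "$1"
fi
```

Run it against the binary produced by the FIPS_MODE=1 build for both the 1.19 and 1.18 images; a non-zero exit means the boringcrypto codepath was not linked.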

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by DJ Mountney
