Stop uploading Omnibus packages to PackageCloud and split deploy into a separate job

What does this MR do?

Re-applies !9213 (merged) (reverted in !9233 (merged) due to an auto-deploy incident) with additional fixes for the root cause of that incident.

Re-apply: Stop uploading Omnibus packages to PackageCloud (!9213 (merged))

As we are decommissioning PackageCloud (PC), make the PC jobs optional so we can test and rollback if needed with only an env var change.

• Add .skip_unless_packagecloud_enabled rule to skip jobs when PACKAGECLOUD_ENABLED is not true
• Apply the rule to all jobs uploading to PackageCloud
• Refactor staging upload templates to separate packagecloud and pulp concerns:
  • .staging_upload_template is now a shared base (common settings: stage, image, script, cache, retry, tags)
  • .packagecloud_staging_upload_template extends the base, with INCLUDE_PACKAGECLOUD: "true" and the packagecloud-specific rules
  • .pulp_staging_upload_template extends the base with pulp-specific settings
  • Derived packagecloud templates carry the packagecloud_ prefix: .packagecloud_fips_staging_upload_template, etc.
• Refactor production release templates with the same pattern:
  • .production_release_template is now a shared base
  • .packagecloud_production_release_template extends the base with INCLUDE_PACKAGECLOUD: "true" and packagecloud-specific rules
  • .pulp_production_release_template extends the base with pulp-specific settings
  • .fips_release_template renamed to .packagecloud_fips_release_template

Fix: Split deploy and upload into separate jobs (!9225 (merged))

The root cause of the auto-deploy incident (!9233 (merged)) was that .packagecloud_staging_upload_with_rc_deployment_template was hiding both upload and deploy logic inside a single job. When PackageCloud was disabled, the deploy step was silently skipped along with it.

• Remove .packagecloud_staging_upload_with_rc_deployment_template
• Ubuntu-20.04-staging now extends .packagecloud_staging_upload_template (upload only)
• Add deployer-trigger job in a new deploy stage, running after Ubuntu-20.04-staging-pulp, making the deployment step explicit and independent of PackageCloud
• deployer-trigger only runs on RC pipelines when DEPLOYER_TRIGGER_TOKEN is set, expressed via CI rules rather than a bash condition

Related issues

Ref:

• https://gitlab.com/gitlab-org/omnibus-gitlab/-/work_items/9552+
• https://gitlab.com/gitlab-org/build/team-tasks/-/work_items/177+

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Required

• MR title and description are up to date, accurate, and descriptive.
• MR targeting the appropriate branch.
• Latest Merge Result pipeline is green.
• When ready for review, MR is labeled workflowready for review per the Distribution MR workflow.
• The UBT version and corresponding checksum hash have been updated and referenced in the merge request if applicable.
  • UBT EE pipeline (Trigger:ee-package-ubt) is green

For GitLab team members

If you don't have access to this, the reviewer should trigger these jobs for you during the review process.

• The manual Trigger:ee-package jobs have a green pipeline running against latest commit.
  • To debug QA failures, refer to the Investigate QA failures section.
• If config/software or config/patches directories are changed, make sure the build-package-on-all-os job within the Trigger:ee-package downstream pipeline succeeded.
• If you are changing anything SSL related, then the Trigger:package:fips manual job within the Trigger:ee-package downstream pipeline must succeed.
• If CI configuration is changed, the branch must be pushed to dev.gitlab.org to confirm regular branch builds aren't broken.

Expected (please provide an explanation if not completing)

• Test plan indicating conditions for success has been posted and passes.
• Documentation created/updated.
• Tests added.
• Integration tests added to GitLab QA.
• Equivalent MR/issue for the GitLab Chart opened.
• Validate potential values for new configuration settings. Formats such as integer 10, duration 10s, URI scheme://user:passwd@host:port may require quotation or other special handling when rendered in a template and written to a configuration file.