Added attestation from intermediate multi-stage build steps

Dockerfile-alpine.template

@@ -1,6 +1,8 @@
 # Alpine Linux is not officially supported by the RabbitMQ team -- use at your own risk!
 FROM alpine:{{ .alpine.version }} as build-base
 
+ARG BUILDKIT_SBOM_SCAN_STAGE=true
+
 RUN apk add --no-cache \
 	build-base \
 	dpkg-dev \
@@ -145,6 +147,8 @@ RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version
 
 FROM openssl-builder as erlang-builder
 
+ARG BUILDKIT_SBOM_SCAN_STAGE=true
+
 RUN set -eux; \
 # /usr/local/src doesn't exist in Alpine by default
 	mkdir -p /usr/local/src; \

Dockerfile-ubuntu.template

@@ -2,6 +2,8 @@
 # especially for the enterprises that we, the RabbitMQ team, have to deal with
 FROM ubuntu:{{ .ubuntu.version }} as build-base
 
+ARG BUILDKIT_SBOM_SCAN_STAGE=true
+
 RUN set -eux; \
 	apt-get update; \
 	apt-get install -y --no-install-recommends \
@@ -13,6 +15,8 @@ RUN set -eux; \
 
 FROM build-base as openssl-builder
 
+ARG BUILDKIT_SBOM_SCAN_STAGE=true
+
 # Default to a PGP keyserver that pgp-happy-eyeballs recognizes, but allow for substitutions locally
 ARG PGP_KEYSERVER=keyserver.ubuntu.com
 # If you are building this image locally and are getting `gpg: keyserver receive failed: No data` errors,
@@ -145,6 +149,8 @@ RUN $OPENSSL_INSTALL_PATH_PREFIX/bin/openssl version
 
 FROM openssl-builder as erlang-builder
 
+ARG BUILDKIT_SBOM_SCAN_STAGE=true
+
 RUN set -eux; \
 	OTP_SOURCE_URL="https://github.com/erlang/otp/releases/download/OTP-$OTP_VERSION/otp_src_$OTP_VERSION.tar.gz"; \
 	OTP_PATH="/usr/local/src/otp-$OTP_VERSION"; \