updatecli: automate the Ironbank bumps

[v1v]

What does this PR do?

Enable updatecli policies to bump the Ironbank versions automatically, then #3787 won't be manually created.

Those policies can be found in https://github.com/elastic/oblt-updatecli-policies/tree/main/updatecli/policies/ (NOTE: This is a private repository only accessible by Elastic employees)

Additional changes

• Refactor the updatecli pipelines to use the values/scm.yml file.
• Remove duplicated updatecli pipeline, see https://github.com/elastic/elastic-agent/blob/main/.github/updatecli-bump-golang.yml vs https://github.com/elastic/elastic-agent/blob/main/.ci/bump-golang.yml but the latter is not used in

  elastic-agent/.github/workflows/bump-golang.yml

  Line 28 in 6bb6b1e

  run: updatecli apply --config .github/updatecli-bump-golang.yml

• cherry-pick changes in Keep go.mod toolchain version in sync with .go-version contents #4636

Why is it important?

One less thing to be worried about.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in ./changelog/fragments using the changelog tool
• I have added an integration test or an E2E test

Disruptive User Impact

How to test this PR locally

1. gh pr checkout 5367
2. Install updatecli
3. Login to ghcr.io
4. Diff

$ updatecli compose diff --experimental

**Dry Run enabled**

"dev-tools/packaging/templates/ironbank/hardening_manifest.yaml.tmpl" updated with [dry run] content "BASE_TAG: \"9.4\""

--- dev-tools/packaging/templates/ironbank/hardening_manifest.yaml.tmpl
+++ dev-tools/packaging/templates/ironbank/hardening_manifest.yaml.tmpl
@@ -14,7 +14,7 @@
 # Build args passed to Dockerfile ARGs
 args:
   BASE_IMAGE: "redhat/ubi/ubi9"
-  BASE_TAG: "9.3"
+  BASE_TAG: "9.4"
   ELASTIC_STACK: "{{ beat_version }}"
   ELASTIC_PRODUCT: "elastic-agent"

...
⚠ deps: Bump ironbank version:
	Source:
		✔ [ubi_version] Get ubi version from https://repo1.dso.mil/dsop/redhat/ubi/9.x/ubi9
	Target:
		✔ [dockerfile_ironbank] deps(ironbank): Bump ubi version to 9.4
		⚠ [hardening_manifest_ironbank.yaml] deps(ironbank): Bump ubi version to 9.4

5. Create Pull Request

$ GITHUB_REPOSITORY=elastic/elastic-agent \
  GITHUB_ACTOR=v1v \
  GITHUB_TOKEN=$(gh auth token) \
  updatecli compose apply --experimental
...
Existing GitHub pull request found: https://github.com/elastic/elastic-agent/pull/5423

UDASH - EXPERIMENTAL
=====================

Skipping as no Udash configuration file found at /Users/vmartinez/Library/Application Support/updatecli/udash.json

=============================

SUMMARY:

✔ deps(updatecli): bump all policies:

⚠ deps: Bump ironbank version:
	Source:
		✔ [ubi_version] Get ubi version from https://repo1.dso.mil/dsop/redhat/ubi/9.x/ubi9
	Target:
		✔ [dockerfile_ironbank] deps(ironbank): Bump ubi version to 9.4
		⚠ [hardening_manifest_ironbank.yaml] deps(ironbank): Bump ubi version to 9.4

Related issues

See elastic/apm-server#13934

Questions to ask yourself

• How are we going to support this in production?
• How are we going to measure its adoption?
• How are we going to debug this?
• What are the metrics I should take care of?
• ...

[elastic-sonarqube]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

[blakerouse]

Looks good.