Add workflow to validate UBI images pass RedHat Certification

[shaun-nx]

Proposed changes

This change adds a new workflow file, openshift-certification.yml which is responsible for validating that our UBI based images of NGF, NGINX OSS, and NGF Operator will pass the RedHad certification process.

This workflow uses RedHat Openshift Preflight tool to pre-certify images before they are published:
https://github.com/redhat-openshift-ecosystem/openshift-preflight

Closes #3909

Checklist

Before creating a PR, run through this checklist and mark each as complete.

• I have read the CONTRIBUTING doc
• I have added tests that prove my fix is effective or that my feature works
• I have checked that all unit tests pass after adding my changes
• I have updated necessary documentation
• I have rebased my branch onto main
• I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

Release notes

If this PR introduces a change that affects users and needs to be mentioned in the release notes,
please add a brief note that summarizes the change.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.01%. Comparing base (56b60b9) to head (233aed8).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #4035   +/-   ##
=======================================
  Coverage   86.00%   86.01%           
=======================================
  Files         131      131           
  Lines       14063    14063           
  Branches       35       35           
=======================================
+ Hits        12095    12096    +1     
+ Misses       1769     1768    -1     
  Partials      199      199           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[shaun-nx]

@ciarams87 I noticed that the preflight binary has a `--certification-component-id`` flag which uses something called the component PID.

I looks like NIC has this too in their workflow. I'm not sure if this is something we should add now or it should be appended later when we want to do the "full" certification workflow

 --certification-component-id string
Certification component ID from connect.redhat.com/component/view/{certification-component-id}/images
URL paramater. This value may differ from the component PID on the overview page (env: PFLT_CERTIFICATION_COMPONENT_ID)

[ciarams87]

@ciarams87 I noticed that the preflight binary has a `--certification-component-id`` flag which uses something called the component PID.

I looks like NIC has this too in their workflow. I'm not sure if this is something we should add now or it should be appended later when we want to do the "full" certification workflow

 --certification-component-id string
Certification component ID from connect.redhat.com/component/view/{certification-component-id}/images
URL paramater. This value may differ from the component PID on the overview page (env: PFLT_CERTIFICATION_COMPONENT_ID)

@shaun-nx We need that when we want to submit the results to the RH partner portal - the component ID is how it knows what product to link the results to

[ciarams87]

We need to have another think about this now that the release is done and I have more context.

For one think, I think maybe instead we should run this in the nightly instead, no need for every PR.

We should also add the option to submit the images for releases.

It might be worth investigating if we can move this into a shared location for NIC and NGF to use, as we are both doing the same thing now