[8.15](backport #5367) updatecli: automate the Ironbank bumps

[mergify]

What does this PR do?

Enable updatecli policies to bump the Ironbank versions automatically, then #3787 won't be manually created.

Those policies can be found in https://github.com/elastic/oblt-updatecli-policies/tree/main/updatecli/policies/ (NOTE: This is a private repository only accessible by Elastic employees)

Additional changes

• Refactor the updatecli pipelines to use the values/scm.yml file.
• Remove duplicated updatecli pipeline, see https://github.com/elastic/elastic-agent/blob/main/.github/updatecli-bump-golang.yml vs https://github.com/elastic/elastic-agent/blob/main/.ci/bump-golang.yml but the latter is not used in

  elastic-agent/.github/workflows/bump-golang.yml

  Line 28 in 6bb6b1e

  run: updatecli apply --config .github/updatecli-bump-golang.yml

• cherry-pick changes in Keep go.mod toolchain version in sync with .go-version contents #4636

Why is it important?

One less thing to be worried about.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in ./changelog/fragments using the changelog tool
• I have added an integration test or an E2E test

Disruptive User Impact

How to test this PR locally

1. Install updatecli
2. Diff

$ updatecli compose diff --experimental

**Dry Run enabled**

"dev-tools/packaging/templates/ironbank/hardening_manifest.yaml.tmpl" updated with [dry run] content "BASE_TAG: \"9.4\""

--- dev-tools/packaging/templates/ironbank/hardening_manifest.yaml.tmpl
+++ dev-tools/packaging/templates/ironbank/hardening_manifest.yaml.tmpl
@@ -14,7 +14,7 @@
 # Build args passed to Dockerfile ARGs
 args:
   BASE_IMAGE: "redhat/ubi/ubi9"
-  BASE_TAG: "9.3"
+  BASE_TAG: "9.4"
   ELASTIC_STACK: "{{ beat_version }}"
   ELASTIC_PRODUCT: "elastic-agent"

...
⚠ deps: Bump ironbank version:
	Source:
		✔ [ubi_version] Get ubi version from https://repo1.dso.mil/dsop/redhat/ubi/9.x/ubi9
	Target:
		✔ [dockerfile_ironbank] deps(ironbank): Bump ubi version to 9.4
		⚠ [hardening_manifest_ironbank.yaml] deps(ironbank): Bump ubi version to 9.4

5. Create Pull Request

$ GITHUB_REPOSITORY=elastic/elastic-agent GITHUB_ACTOR=v1v GITHUB_TOKEN=$(gh auth token) updatecli compose apply --experimental
...
Existing GitHub pull request found: https://github.com/elastic/elastic-agent/pull/5423

UDASH - EXPERIMENTAL
=====================

Skipping as no Udash configuration file found at /Users/vmartinez/Library/Application Support/updatecli/udash.json

=============================

SUMMARY:

✔ deps(updatecli): bump all policies:

⚠ deps: Bump ironbank version:
	Source:
		✔ [ubi_version] Get ubi version from https://repo1.dso.mil/dsop/redhat/ubi/9.x/ubi9
	Target:
		✔ [dockerfile_ironbank] deps(ironbank): Bump ubi version to 9.4
		⚠ [hardening_manifest_ironbank.yaml] deps(ironbank): Bump ubi version to 9.4

Related issues

See elastic/apm-server#13934

Questions to ask yourself

• How are we going to support this in production?
• How are we going to measure its adoption?
• How are we going to debug this?
• What are the metrics I should take care of?
• ...

---

This is an automatic backport of pull request #5367 done by [Mergify](https://mergify.com).

[v1v]

unrequired, backports are not needed in this case

[elastic-sonarqube]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube