fix: allow customers to define the trusted QEMU images

[scme0]

What

There is a security risk if arbitary qemu images can be used by build steps - espcially for SaaS.

The solution is to allow customers to set a list of predetermined safe images via an env var that can be set on the helm chart. This is the last change to make that happen.

Other changes are:
engine: https://github.com/codefresh-io/engine/pull/1476
docker-builder: https://github.com/codefresh-io/cf-docker-builder/pull/68

Why

Qemu images are run in a privileged context so bad actors could get access to the host machines infrastructure from an image run as a qemu image.

Notes

Jira: https://codefresh-io.atlassian.net/browse/CR-25903

[zarbis]

wouldn't it be better to just put tonistiigi/binfmt as default value here?

[scme0]

Maybe. Are there other ways that the runtime can be deployed? I mean instead of using helm? In those cases removing the hard-coded default from the code and putting it here as a default instead would be a breaking change. And I didn't want to set the default here leading people to assume that if they set it to empty, that it would effectively stop the default from being accepted.

[zarbis]

I'm not aware of any other way. As an operator I prefer explicit configs over some source code magic. And as a safeguard I'm believer in "it's better to crash that produce unexpected result", so just fail pre-flight check on startup in case someone managed to launch it with empty list.

But that's just my opinion, waiting for someone else to chime in.

[scme0]

That's a fair opinion and I tend to agree with you. I had a bit of a closer look and it seems as though there are still customers using the CLI to install their runners in which case removing the default from the code would be a breaking change unless I also update the CLI to provide the default. In this case I think to make things easier I'll keep it as is and once the CLI is no longer used we can tidy this up.