Use docker multi-stage builds to improve updating our image to new go versions

[aarongable]

Should be a minor change, but will allow more sharing/cacheing of partial images and should improve build speed.

[jsha]

Note: we already have pretty good caching of partial images. In particular, when we build for two different Go versions, everything up to through the build.sh stage is cached, and only the "install Go" steps are unique per build.

One thing I noticed in checking our scripts, though: We install Go, and then we install a bunch of Go binaries, like sql-migrate, protoc-gen-go, and golangci-lint. Those binaries take a decent amount of time to compile, and they are not really finely dependent on the Go version they were built with. What is finely dependent on the Go version it's built with is Boulder (since we rely heavily on the x509 and net/http packages, among others).

So one refinement we could make would be to install some arbitrary-but-recent version of Go inside build.sh, then uninstall it before build.sh exits. Then the amount of work done in the install-go script would be strictly limited to installing the version of Go that will be used to build and test Boulder. I estimate this would save about 730 seconds for a cross build, and 115 seconds for a native build.