[CI-only] Support per-commit dev images and fossa scanning
Description
This is a set of two CI-only changes:
- FOSSA scanning: This opts vault into a new workflow in the CRT pipeline called fossa-scan. The fossa-scan workflow will pass regardless of any dependency licensing issues raised by fossa, but failures will be raised in #proj-oss-compliance-scanning. This will allow us to triage issues to share with the legal team, who will reach out to Vault directly if there are questions about any dependencies.
- DEV TAGS: This opts vault into a new workflow in the CRT pipeline called promote-dev-docker. Dev docker images will be built and tagged, signed/scanned, and pushed to the hashicorppreview/vault and hashicorppreview/vault-enterprise repos on DockerHub whenever a commit is made to the default or active release branches. Dev tags will follow a standard naming convention that we have rolled out to other projects. For example, on branch release/1.11.x, dev images will be tagged hashicorppreview/vault:1.11-dev and hashicorppreview/vault:1.11-dev-$COMMITSHA. hashicorppreview/vault:1.11-dev will be kept up to date with the latest builds from branch release/1.11.x for folks looking to grab the latest docker image from the tip of an active release branch or main. You can view the docker image built/pushed from my first commit in this branch here: https://hub.docker.com/r/hashicorppreview/vault/tags.
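The tag naming convention above, written out as a small POSIX shell helper. This is an added illustration, not code from this PR or from the CRT pipeline: it assumes release branches are named release/<major>.<minor>.x, that the commit SHA is used verbatim as the suffix, and it deliberately rejects any other branch name (including main, whose tag form the PR does not spell out) rather than guess.

```shell
#!/bin/sh
# Added example (not the PR's or CRT's own code): derive the dev image tags
# described for a release branch, e.g. release/1.11.x -> 1.11-dev and
# 1.11-dev-$COMMITSHA. Assumptions: branch is release/<major>.<minor>.x,
# the SHA is used as-is, and the repo defaults to hashicorppreview/vault.

dev_tags() {
    branch="$1"
    sha="$2"
    repo="${3:-hashicorppreview/vault}"

    # Only release/<series>.x branches are handled; main is not described here.
    case "$branch" in
        release/*.*.x) ;;
        *) echo "unsupported branch: $branch" >&2; return 1 ;;
    esac

    # strip the 'release/' prefix and the trailing '.x' to get e.g. 1.11
    series="${branch#release/}"
    series="${series%.x}"

    # the series must be <digits>.<digits>, nothing else
    case "$series" in
        *[!0-9.]*|*.*.*|.*|*.) echo "bad series: $series" >&2; return 1 ;;
    esac

    # the SHA must be non-empty hex
    case "$sha" in
        ""|*[!0-9a-fA-F]*) echo "bad sha: $sha" >&2; return 1 ;;
    esac

    printf '%s:%s-dev %s:%s-dev-%s\n' "$repo" "$series" "$repo" "$series" "$sha"
}

# Usage with a constructed SHA (not a real Vault commit):
dev_tags release/1.11.x 0123abcd
dev_tags release/1.11.x 0123abcd hashicorppreview/vault-enterprise
```

The moving tag (1.11-dev) and the immutable one (1.11-dev-$COMMITSHA) come out together, which is the pair a consumer would want: the first to follow the tip of the branch, the second to pin a known build.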
Testing & Reproduction steps
- The fossa-scan workflow ran on the first commit here https://github.com/hashicorp/vault/runs/7240167916 and this produced the fossa report available here https://github.com/hashicorp/crt-workflows-common/runs/7240122676?check_suite_focus=true. The scan raised a few new issues that the legal team will look into here: https://hashicorp.slack.com/archives/C01JSHNP10B/p1657222057278649.
- The docker dev images from my first commit are available here: https://hub.docker.com/r/hashicorppreview/vault/tags.