Use commit-timestamp in tasks in pursuit of reproducible builds

[ralphbean]

There are lots of challenges to producing bit-wise reproducible builds. One of them is to get all tools all the way through the build chain to use the same time. See https://reproducible-builds.org/docs/ and in particular https://reproducible-builds.org/docs/source-date-epoch/

• We should expose commit-timestamp as SOURCE_BUILD_EPOCH in all of our tasks. Not all tools respect that, but it is the standard environment variable that they should respect.
• Notably, buildah doesn't respect it, but it does accept a --timestamp argument that will help produce the same bits, assuming that nothing inside the containerfile being built is not sensitive to the time.
• We should also provide a --build-arg SOURCE_BUILD_EPOCH=$SOURCE_BUILD_EPOCH to each buildah build, so that if a containerfile accepts that as an ARG, it can take advantage of that.

Doing these things won't give us all 100% bit-wise reproducible builds, but it will close some gaps in that direction.