chore: Swap TAG_SUFFIX for SCANNER_TAG

[msugakov]

When looking at collector (stackrox/collector#1694), I realized I did a bit of mess in my earlier #1527.

Here I get rid of TAG_SUFFIX variable and inject the full tag via RELEASE_TAG environment variable. See

scanner/Makefile

Lines 13 to 21 in 631dea9

	TAG := # make sure tag is never injectable as an env var
	ifdef CI
	ifneq ($(NIGHTLY_TAG),)
	TAG := $(NIGHTLY_TAG)
	else ifneq ($(RELEASE_TAG),)
	TAG := $(RELEASE_TAG)
	endif
	endif

I also inject a value into the version label in all four built containers. Similar to stackrox/collector#1694, if/when we'll need to re-tag, we will take care of the label then. Mentioned that in ROX-24468.

Testing:

• 4 Konflux-built images still have -fast in the tag.
• 4 Konflux-built images have -fast in version label.
• GHA-built images don't have -fast in tag or label.
• Konflux-built scanner and slim-scanner have -fast version in github.com/stackrox/scanner/pkg/version.Version.

For the last item, smoke-tested build, seeing proper thing in logs:

{"Event":"Running Scanner version: 2.33.x-80-gc60f8fc954-fast","Level":"info","Location":"main.go:293","Time":"2024-06-05 17:39:50.747575"}

and

{"Event":"Running Scanner version 2.33.x-80-gc60f8fc954-fast in Node Inventory mode","Level":"info","Location":"main.go:280","Time":"2024-06-05 17:43:45.267545"}

Both image and node scanning seem to work.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[RTann]

Makefile change LGTM. I'll leave the rest to someone with more Konflux expertise, though

[kylape]

My understanding is that this PR prevents the call to make tag from happening in the buildah task in favor of the one already happening in the determine-image-tag task, which is the desired behavior and is consistent with what we are doing in the other repos.