Add go buildinfo to velero to check toolchain version used.

[kaovilai]

Thank you for contributing to Velero!

Please add a summary of your change

Does your change fix a particular issue?

Facilitates requirements similar to #8397 that may come up in the future.
Helps validate go version used to build given that go.mod or commit hash of a built binary do not tell you this information.

Please indicate you've done the following:

• Accepted the DCO. Commits without the DCO will delay acceptance.
• Created a changelog file (make new-changelog) or comment /kind changelog-not-required on this PR.
• Updated the corresponding documentation in site/content/docs/main.

[codecov]

Codecov Report

Attention: Patch coverage is 10.00000% with 9 lines in your changes missing coverage. Please review.

Project coverage is 58.93%. Comparing base (8e23752) to head (ff8496c).
Report is 26 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/buildinfo/buildinfo.go	0.00%	8 Missing ⚠️
pkg/cmd/server/server.go	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8398      +/-   ##
==========================================
- Coverage   58.96%   58.93%   -0.03%     
==========================================
  Files         367      367              
  Lines       38895    38911      +16     
==========================================
+ Hits        22933    22934       +1     
- Misses      14500    14515      +15     
  Partials     1462     1462              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

---

🚨 Try these New Features:

• Flaky Tests Detection - Detect and resolve failed and flaky tests
• JS Bundle Analysis - Avoid shipping oversized bundles

[kaovilai]

Is this clear enough that it is not user's local go? do we want to say Built by Go Version instead?

[reasonerjt]

Why is this necessary?

[kaovilai]

To be able to tell which golang version was used to build the code which can have implications around CVEs verification. ie someone built from a certain velero branch but used a different golang version. ie. #8397

[kaovilai]

@reasonerjt just found
https://github.com/docker/cli/blob/6c76914532de7a39a202b3ef22519da319558560/cli/command/system/version.go#L93 have this :D

Just worth noting that it is a pattern out there that build includes both commit AND golang version that built it.

❯ docker version
Client: Docker Engine - Community
 Version:           27.1.1
 API version:       1.41 (downgraded from 1.46)
+Go version:        go1.22.5
 Git commit:        63125853e3
 Built:             Fri Jul 19 17:35:01 2024
 OS/Arch:           darwin/arm64
 Context:           default

Server: linux/arm64/rhcos-4.17
 Podman Engine:
  Version:          5.2.3
  APIVersion:       5.2.3
  Arch:             arm64
  BuildTime:        2024-10-07T07:47:17Z
  Experimental:     false
  GitCommit:        
+ GoVersion:        go1.22.5 (Red Hat 1.22.5-1.el9)
  KernelVersion:    5.14.0-427.40.1.el9_4.aarch64
  MinAPIVersion:    4.0.0
  Os:               linux
 Conmon:
  Version:          conmon version 2.1.12, commit: 9b3f2e7d010b1b512d88609d3a7b9a913bbaf1e0
  Package:          conmon-2.1.12-4.rhaos4.17.el9.aarch64
 OCI Runtime (crun):
  Version:          crun version 1.17
commit: 000fa0d4eeed8938301f3bcf8206405315bc1017
rundir: /run/crun
spec: 1.0.0
 +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  Package:          crun-1.17-1.rhaos4.17.el9.aarch64
 Engine:
  Version:          5.2.3
  API version:      1.41 (minimum version 1.24)
+ Go version:       go1.22.5 (Red Hat 1.22.5-1.el9)
  Git commit:       
  Built:            Mon Oct  7 07:47:17 2024
  OS/Arch:          linux/arm64
  Experimental:     false

Leaving this closed for now.

[kaovilai]

Closing as it is deemed not necessary.