This repository has been archived by the owner on Jun 28, 2024. It is now read-only.

ci: Add support for installing the confidential-containers fork of containerd for integration testing #4627

Open
stevenhorsman opened this issue Mar 25, 2022 · 1 comment
Labels
area/confidential-containers enhancement Improvement to an existing feature needs-review Needs to be assessed by the team.

Comments

@stevenhorsman
Member

After #4626 is complete and we have a parameter in the build jobs that knows if we are in confidential-containers mode or not, we can use this to install the confidential-containers fork of containerd for integration testing purposes.

I think the steps to take are:

  • we add a new cc-containerd external dependency in version.yaml, similar to https://github.com/kata-containers/kata-containers/blob/46522a3e46fcb44ce8bb22c35da31f7ff86329fd/versions.yaml#L187-L198 which points to the fork
  • We manually copy/cherry-pick over the logic from

        install_from_branch() {
            containerd_repo=$(get_version "externals.containerd.url")
            warn "Using patched Confidential Computing containerd version: see https://${containerd_repo}/tree/${containerd_branch}"
            echo "Trying to install containerd from a branch"
            (
                go get -d "${containerd_repo}"
                cd "${GOPATH}/src/${containerd_repo}" >>/dev/null
                git fetch
                git checkout "${containerd_branch}"
                sudo -E PATH="$PATH" make BUILD_TAGS="${BUILDTAGS:-}" cri-cni-release
                # SH: The PR containerd version might not match the version.yaml one, so get from build
                containerd_version=$(_output/cri/bin/containerd --version | awk '{ print substr($3,2); }')
                tarball_name="cri-containerd-cni-${containerd_version}-${CONTAINERD_OS}-${CONTAINERD_ARCH}.tar.gz"
                sudo tar -xvf "./releases/${tarball_name}" -C /
            )
        }

    to install that version for the integration tests, but instead of checking if the containerd_branch is set to trigger whether to install the forked version in

        # For 'CCv0' we are pulling in a branch of our confidential-containers fork of containerd with our custom code
        if [ -n "${containerd_branch}" ]; then
            install_from_branch

    we can use the confidential-containers parameter.

See #4441 for some overall discussion of the merge

@stevenhorsman
Member Author

So, just an update to this issue. At the 21st April CC meeting, the confidential-containers part of the merging of CCv0 into main was discussed and, given the lack of progress on kata-containers/kata-containers#3996 and the information we heard from Derek MacGowan about the 1.7 release dates, we agreed that, rather than push ahead with our confidential-containers fork of containerd at the moment, we would wait until the 1.7 beta was available at the end of next month and then try switching to that and dropping our fork (this might take a while, as I believe there are some complications with rust ttrpc supporting streaming?). As a result, I think we should park this issue for the short term, as we don't have plans to keep this fork supported and updated longer term.
