Add buildkite step to run unit tests that require fips provider #4617

Closed
michel-laterman wants to merge 13 commits into elastic:main from michel-laterman:fips-provider-tests

@michel-laterman
Contributor

What is the problem this PR solves?

We need to be able to run tests on VMs that have a FIPS provider.

How does this PR solve the problem?

As a PoC, a buildkite step that runs FIPS=true make test-unit has been added to run on a new VM. Running this target requires msft/go (gathered by the new with_msft_go func added to common.sh) and a FIPS provider (supplied by VM).

Design Checklist

  • I have ensured my design is stateless and will work when multiple fleet-server instances are behind a load balancer.
  • I have or intend to scale test my changes, ensuring it will work reliably with 100K+ agents connected.
  • I have included fail safe mechanisms to limit the load on fleet-server: rate limiting, circuit breakers, caching, load shedding, etc.

Checklist

  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in ./changelog/fragments using the changelog tool

Add a buildkite step that runs FIPS=true make test-unit as these tests
require msft/go and a FIPS provider.
@michel-laterman added the enhancement, Team:Elastic-Agent-Control-Plane, backport-8.x and backport-9.0 labels on Mar 21, 2025
@michel-laterman requested a review from simitt on March 21, 2025 17:49
@mergify
Contributor

mergify bot commented Mar 27, 2025

This pull request is now in conflicts. Could you fix it @michel-laterman? 🙏
To fix up this pull request, you can check it out locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b fips-provider-tests upstream/fips-provider-tests
git merge upstream/main
git push upstream fips-provider-tests

Contributor

@simitt simitt left a comment

@michel-laterman can you explain what the goal of this PR is? Maybe I am not seeing what this setup would cover which isn't already covered with:

  • Unit tests running with the strict go-1.24 FIPS mode enabled
  • Plan to test more involved settings, e.g. upgrade, gpg, TLS functionality through system tests with the platform-ingest-fleet-server-ubuntu-2204-fips image.

When running unit tests with go-microsoft, it would still fall back to std lib functionality rather than fail if non-compliant algorithms are used.

@michel-laterman
Contributor Author

michel-laterman commented Mar 27, 2025

This runs the unit tests with the microsoft/go toolchain that uses the FIPS-enabled OpenSSL; this is basically a sanity check that everything will work on the VM and we can start enabling/developing more FIPS-related e2e tests.
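
Added example (not part of this PR or the fleet-server repository): a preflight check in the spirit of the sanity check discussed above, which fails the step when the VM's OpenSSL FIPS provider is not active, so the unit tests cannot pass by quietly running against a non-FIPS backend. The function names and the sample listings are constructed for illustration, and the parser assumes the indented layout printed by OpenSSL 3's `openssl list -providers`.

```bash
#!/usr/bin/env bash
# Added example: preflight guard for a FIPS unit-test step (not from the PR).

# fips_provider_active reads `openssl list -providers` output on stdin and
# succeeds only if the provider block named "fips" reports "status: active".
fips_provider_active() {
  awk '
    # Provider ids sit at a two-space indent, their fields at four spaces.
    /^  [^ ]/      { current = $1 }
    /^    status:/ { if (current == "fips" && $2 == "active") found = 1 }
    END            { exit !found }
  '
}

# require_fips_provider is a hypothetical helper a CI step could call before
# `FIPS=true make test-unit`. It returns non-zero with a message on stderr
# instead of letting the tests run without the provider.
require_fips_provider() {
  if ! command -v openssl >/dev/null 2>&1; then
    echo "preflight: openssl not found" >&2
    return 2
  fi
  if ! openssl list -providers 2>/dev/null | fips_provider_active; then
    echo "preflight: OpenSSL FIPS provider is not active" >&2
    return 1
  fi
  echo "preflight: OpenSSL FIPS provider is active"
}

# Constructed sample listings (not captured from the VM used in this PR).
SAMPLE_FIPS_ACTIVE='Providers:
  base
    name: OpenSSL Base Provider
    version: 3.0.2
    status: active
  fips
    name: OpenSSL FIPS Provider
    version: 3.0.2
    status: active'

SAMPLE_DEFAULT_ONLY='Providers:
  default
    name: OpenSSL Default Provider
    version: 3.0.2
    status: active'
```

Calling `require_fips_provider` as the first command of the step makes a missing provider show up as a failed build rather than as a green test run.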

@elastic-sonarqube

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@ycombinator added the backport-8.19 label and removed the backport-8.x label on Apr 22, 2025
@michel-laterman
Contributor Author

These tests are not currently required.
