Unspecified AWS Nitro CLI

[gbryant-arm]

Describe the bug
A Nitro-enabled environment must allow to 1) build a Nitro image (EIF), 2) run and manage it.
In Veracruz, we typically perform 2 on an EC2 instance and 2 in a container on the same EC2 instance.
However the documentation (https://github.com/veracruz-project/veracruz/blob/main/docs/NITRO_INSTRUCTIONS.md) doesn't specify which version of AWS Nitro CLI should be installed on the "Nitro host" (e.g. ec2 instance), and which one should be installed in the "Nitro container" (the container on the Nitro host from which Veracruz-Nitro and the EIF Nitro image are built).
As a result it is possible that the Nitro host and Nitro container get out of sync and use different versions of AWS Nitro CLI, resulting in bugs at build time (cf. Linuxkit bug where the -docker argument is unsupported).

To Reproduce

• Install an old version of AWS Nitro CLI tools on the host:

  sudo yum install aws-nitro-enclaves-cli-1.1.0-0.amzn2.x86_64
  sudo yum install aws-nitro-enclaves-cli-devel-1.1.0-0.amzn2.x86_64
  

• Install a newer version of AWS Nitro CLI tools in the container:

... cf. docker/Makefile with AWS_NITRO_CLI_REVISION=v1.2.1

Explanation
The AWS Nitro CLI blobs (/usr/share/nitro_enclaves/blobs) get mapped into the container, which ends up using them instead of the ones matching its nitro-cli.

Solution

• Make sure the versions of AWS Nitro CLI match on the host and container. Specify the version in the doc?