WIP: CI proposal for automated docker build & push2hub

This MR builds on top of !33 (closed), which is why I marked this as WIP until !33 (closed) is merged and we are happy with this approach.

The changes to the gitlab CI do 2 things:

• Add automated CI builds on tags that match ^release/21\.2\.\d*$ (e.g. includes release/21.2.83, but excludes release/21.2.70.0)
• Push images to dockerhub

The CI system uses the latest recommended way (since may 2019) to build the docker image via kaniko. The container building triggers only if a tag matches the common 21.2 release tag names (excluding derivation tags). I left the grid images untouched - they still build on every commit.

In a first step the atlasos images are built and pushed to dockerhub in the second stage. In a third and fourth steps the images dependent on atlasos are built and pushed to dockerhub as well. here is an example pipeline in my fork that triggered through a tag that I made.

To push to dockerhub, we have to define HUB_PASSWORD and HUB_USERNAME in Settings->CI/CD->Variables in atlas-sit/docker. Preferably masked, such that these are not visible in the gitlab logs directly. here is my private test dockerhub repository, where the above pipeline pushed the images to.

Finally, how do we automate the tag creation in atlas-sit/docker? I would propose to add some small script section with:

curl --request POST --form ref=master --form tag_name=${CI_COMMIT_TAG} --form private_token=<PRIVATETOKEN> https://gitlab.cern.ch/api/v4/projects/<PROJECTID>/repository/tags/

to the 21.2 CI system, to just mirror the tags between atlas/athena/21.2 and atlas-sit/docker. In this case I used a private API token to test the creation of tags remotely. To do it from the 21.2s CI system, we probably need a different token or need to make sure that the projects know of each other somehow - not too sure how this would work.

Should the images be always built on each commit and pushed only on tags, or is build&push on each tag preferred?