STAC-24657: add OCI labels to stackstate-process-agent images

[viliakov]

What

Adds the canonical SUSE Observability OCI label set (19 labels + optional published-by) to the stackstate-k8s-process-agent image, built per arch (amd64 + arm64) and combined into a multi-arch manifest. Labels are spliced into the existing docker build invocation per arch.

Image	Dockerfile	Resolved base
stackstate-k8s-process-agent	BCI.dockerfile	registry.suse.com/bci/bci-micro:15.7

How

• Vendored canonical helper into packaging/oci-labels.sh, extended with:
  • --dockerfile PATH — extract base image from the Dockerfile by tracing every FROM through prior stage references and picking the last resolved value. BCI.dockerfile defines bci-micro:15.7 AS final first, then bci-base:latest AS chroot-builder, then a final FROM final — the algorithm correctly resolves the trailing stage reference back to bci-micro:15.7.
  • --base-digest sha256:… — optional override (not used here yet, but kept identical to the kaniko-friendly helper used by the other Family D repos).
• New thin wrapper packaging/build-and-label.sh calls the helper with --dockerfile BCI.dockerfile, captures the --label= flags, and splices them into docker build. Both arch CI files (.gitlab-ci-x64.yml, .gitlab-ci-arm.yml) call the wrapper instead of inlining the same logic twice.
• Dropped the previous BASE_IMAGE env-var pattern — base name and digest now derive from the Dockerfile so they stay in sync with updatecli-driven base bumps.

Verification

• Local: ran helper standalone against BCI.dockerfile, confirmed it resolves to bci-micro:15.7 (not the bci-base:latest builder stage) and emits 19 label lines.
• CI run on this branch: confirm both arch jobs publish images with the full label set (docker buildx imagetools inspect or skopeo inspect docker://…) and that the manifest-list merge preserves the per-arch labels.

Related

• Umbrella ticket: STAC-24657
• Family C reference MR (stackgraph): https://gitlab.com/stackvista/stackgraph/-/merge_requests/871