Use OCI image annotations to drive automated image re-builds

[lbussell]

Related: dotnet/dotnet-docker#5531

If we added the following OCI image annotations, we could use this information to drive our automatic image rebuilds instead of keeping track of and updating image-info files.

• org.opencontainers.image.source: URL to get source code for building the image (string). This would be equivalent to image info's commitUrl
• org.opencontainers.image.base.digest: Digest that the image is based on (string). Equivalent to image-info's baseImageDigest.
• org.opencontainers.image.base.name (optional?): fully qualified base image name. I don't think this is completely necessary since we can query the Dockerfile for this information. However, we have this information, and adding it would make it easier for users to determine if our images are out of date without checking the Dockerfile.

To implement this, we'd need:

• Add the option to set annotations during image builds
  • This is done using the --annotation "foo=bar" argument for docker build [source]
  • Could be turned on/off via the manifest or a build command option for ImageBuilder.
• Add the capability to use image annotations in GetStaleImagesCommand
  • This could be either automatic or configurable in check-base-image-subscriptions.json

[mthalman]

Having these annotations would also be helpful for this scenario: dotnet/arcade#16602