feat(validations): add Go native FIPS 140-3 module support

[smith-xyz]

Add version-gated validation for Go binaries using the native FIPS
module (GOFIPS140). Go <= 1.25 uses legacy OpenSSL checks. Go 1.26
supports dual mode (native or OpenSSL). Go >= 1.27 requires native
FIPS with GODEBUG fips140=auto and a certified GOFIPS140 module.

Refactor scan pipeline into phased validation (OS -> binary inspection
-> module artifact validation) and move host library FIPS checks from
config into a code-driven registry for extensibility. Remove the
fips_validation_mode config gate in favor of presence-based activation
via fips_certified_modules.

Closes #332

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: smith-xyz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [smith-xyz]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@smith-xyz: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.