allow setting FIPS mode at runtime and build against frozen go/crypto

[SimonTheLeg]

What this PR does / why we need it:

Which issue(s) this PR fixes:
Fixes internal-backlog number 34

Special notes for your reviewer:

A short explanation of how FIPS in Go 1.24 works in general (from here https://go.dev/doc/security/fips140):
Passing the GOFIPS140=v1.0.0 flag to go build ensures that a frozen version of the Go crypto lib from early 2025 is linked into the binary. This is important as this version is currently being certified for FIPS. Furthermore, the GODEBUG=fips140=only setting ensures that the program is going to panic or return an error if a fips incompliant crypto lib function is being called (e.g. crypto/sha1.Sum). Without it the program would just continue running.

Things that need to be discussed where we have some leeway:

Currently my implementation follows the motto: FIPS first, no FIPS possible

1. Currently the binary on startup prints out in which mode it is running. While it is a bit more copy-paste effort for every operator, I think this is worth it as you then can easily tell in which mode the binary is running. Do you agree?
2. I think we should allow the operator to be run in non-FIPS mode as well. Reason being is that if we ever encounter an issue with FIPS (for example invalid cipher panic), we can easily run in non-FIPS mode on dev temporarily to narrow down the issue. The implications of this choice are that we should add an option into our values in the helm chart (see this PR). Wdyt?

Update Apr 15th: Was decided to keep as proposed

Release note:

NONE

[reshnm]

/LGTM