Commit 5a205e5

[ci] Run Go unit tests with GODEBUG=fips140=only (#13926)
#### Description

This PR runs all Golang unit tests in this repository with the `GODEBUG=fips140=only` environment set. This is useful to detect any FIPS-140 violations of code covered by these unit tests. To achieve the above, this PR introduces a new `gotest-fips140-only` target in `Makefile` and a corresponding `test-fips140-only` target in `Makefile.Common`.

#### Link to tracking issue

Relates to #13925

#### Testing

#### Documentation

1 parent 85daf49 commit 5a205e5

1 file changed

+3
-1
lines changed

Makefile.Common

Lines changed: 3 additions & 1 deletion
@@ -25,7 +25,9 @@ JUNIT_OUT_DIR ?= $(TOOLS_MOD_DIR)/testresults
2525

2626
.PHONY: test
2727
test:
28-
$(GO_TOOL) gotestsum --packages="./..." -- $(GOTEST_OPT)
28+
# GODEBUG=fips140=only is used to surface any FIPS-140-3 non-compliant cryptographic
29+
# calls into the Go standard library. See: https://go.dev/doc/security/fips140#fips-140-3-mode
30+
GODEBUG=fips140=only $(GO_TOOL) gotestsum --packages="./..." -- $(GOTEST_OPT)
2931

3032
.PHONY: test-with-cover
3133
test-with-cover:
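
Review bot: The recipe of the existing `test` target is changed in place, while the commit message describes a separate `test-fips140-only` target in `Makefile.Common`; as written, every `make test` runs under `GODEBUG=fips140=only` and the visible lines leave no way to run the suite without it. Either add the dedicated target the description names and leave `test` untouched, or make the setting overridable through a make variable (for example a hypothetical `GOTEST_GODEBUG ?= fips140=only`) so a module whose tests legitimately exercise non-approved algorithms can opt out. The inline `GODEBUG=...` prefix also replaces any `GODEBUG` value the caller exported, so other debug settings are dropped silently for this command. The added comment would be more useful if it said what a violation looks like in this mode (non-approved algorithms return an error or panic), so a failing test is recognisable as a FIPS finding rather than a regression. Only the header of `test-with-cover` is visible as context here, so nothing in this hunk shows the coverage run getting the same setting.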
