Fix VCS stamping error in containerized builds with Podman

[kaovilai]

Thank you for contributing to Velero!

Please add a summary of your change

This PR fixes VCS stamping errors that occur when using Podman as the container runtime for builds by adding git safe.directory configuration to bypass Git's "dubious ownership" security check.

Root Cause: The mounted repository directory (/github.com/vmware-tanzu/velero) is owned by root:root but files inside are owned by the mapped user, triggering Git's security feature and causing VCS stamping to fail with exit code 128.

Solution:

• Add .gitconfig file with [safe] directory = /github.com/vmware-tanzu/velero
• Mount .gitconfig as read-only volume in the shell target: -v "$(pwd)/.gitconfig:/root/.gitconfig:ro"

Testing: Verified that git status, VCS stamping, and make build-linux-amd64 all work correctly after the fix.

Does your change fix a particular issue?

Fixes #9004

Please indicate you've done the following:

• Accepted the DCO. Commits without the DCO will delay acceptance.
• Created a changelog file (make new-changelog) or comment /kind changelog-not-required on this PR.
• Updated the corresponding documentation in site/content/docs/main.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.81%. Comparing base (41a6922) to head (d32f63a).
⚠️ Report is 618 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #9008   +/-   ##
=======================================
  Coverage   59.81%   59.81%           
=======================================
  Files         375      375           
  Lines       41056    41056           
=======================================
  Hits        24557    24557           
  Misses      15010    15010           
  Partials     1489     1489           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[reasonerjt]

@blackpiglet Please double-check if the ownership issue only impacts podman. We have resolved something similar in downstream, but why we are not seeing this in upstream?

[blackpiglet]

@kaovilai
I'm still confused about why this only happened on the Podman environment and only for make all-build CLI.

According to the go build help information, the -buildvsc default value should be auto.
So it seems there should be no difference between docker and podman.

	-buildvcs
		Whether to stamp binaries with version control information
		("true", "false", or "auto"). By default ("auto"), version control
		information is stamped into a binary if the main package, the main module
		containing it, and the current directory are all in the same repository.
		Use -buildvcs=false to always omit version control information, or
		-buildvcs=true to error out if version control information is available but
		cannot be included due to a missing tool or ambiguous directory structure.

[blackpiglet]

I just found out golang may set the -buildvcs to true implicitly.
If so, do we rely on the VSC information anyway?

[blackpiglet]

@reasonerjt
I just found a closed PR #5938 related to this.
I may not have recalled the downstream fix correctly.
It seems this error happened before, but it was not reproducible, and we didn't fix it.