Linting for new packages not using git-checkout

[dakaneye]

Description

The foundations squad has made a concerted effort to update some of our most used packages to use git-checkout over fetch.
Part of what enabled the xz attack is folks reliance on source distributions. We should be biasing towards git-checkout in as many places as we conceivably can to prepare for a world where we want to analyze the upstream source repository for health indications, and aligning around git-checkout makes this significantly more tractable.

Therefore, we would like the normal checks done (both in the public os and enterprise-packages and extra-packages) as part of the wolfictl lint to also make sure that source code is retrieved via git-checkout instead of fetch.

[rawlingsj]

Are we thinking this should not be a required check? It looks like there's ~900 packages in wolfi that still use fetch, any automated package update will fail the new check. So maybe we start with a non required check?

Rough idea of Wolfi packages currently using fetch:
https://github.com/search?q=repo%3Awolfi-dev%2Fos+%22uses%3A+fetch%22&type=code