Use `rules_distroless#apt` to download `.deb` packages

The apt extension can install Debian packages. We can use that and get rid of a lot of our code in rules_labgrid.

We would need to define a manifest (labgrid/apt/manifest.yaml):

#  To generate the bookworm.lock.json run the following command
#
#     bazel run @rules_labgrid-bookworm//:lock
version: 1

sources:
  - channel: bookworm main contrib
    url: https://snapshot-cloudflare.debian.org/archive/debian/20240210T223313Z
  - channel: bookworm-security main
    url: https://snapshot-cloudflare.debian.org/archive/debian-security/20240210T223313Z
  - channel: bookworm-updates main
    url: https://snapshot-cloudflare.debian.org/archive/debian/20240210T223313Z/

archs:
  - "amd64"
  - "arm64"

packages:
  - "qemu-system-arm"
  - "qemu-system-x86"

We can then change MODULE.bazel to use the extension:

apt = use_extension("@rules_distroless//apt:extensions.bzl", "apt")
apt.install(
    name = "rules_labgrid-bookworm",
    lock = "//labgrid/apt:manifest.lock.json",
    manifest = "//labgrid/apt:manifest.yaml",
)
use_repo(apt, "rules_labgrid-bookworm")

Then rather than passing SRCS to the debian_patchelf rules, we can use @rules_labgrid-bookworm//qemu-system-arm/a{md,rm}64:data.

We currently filter some files from the archives which we may need to revisit with this new method.

This would hugely reduce our maintenance though.

It currently uses yq unhermetically but it is unclear if it is still used once the lockfile is generated. They have some code in the underlying rules that allow specifying the yq tool but it seems that it is not passed through the extension. If this is the case, we will need to spin out some tickets to do upstream work before landing this ticket. We can block this ticket on those tickets and park this ticket until they land.