Support for passing through raw buildkit policies

This adds an env var which can be used to pass in a path to a file to
read a buildkit source poliy from.

This is applied to any build is executed with the env set.
It is also applied to bakes (which are calling build behind the scenes).

Signed-off-by: Brian Goff <cpuguy83@gmail.com>

controller/build/build.go

@@ -136,6 +136,8 @@ func RunBuild(ctx context.Context, dockerCli command.Cli, in controllerapi.Build
 
 	opts.Attests = controllerapi.CreateAttestations(in.Attests)
 
+	opts.SourcePolicy = in.SourcePolicy
+
 	allow, err := buildflags.ParseEntitlements(in.Allow)
 	if err != nil {
 		return nil, nil, err