
Use job restrictions plugin option on Linux build dockerhosts #3826

Closed
sxa opened this issue Nov 27, 2024 · 6 comments
Labels: docker, secure-dev (Issues specific to SSDF/SLSA compliance work)

Comments

sxa (Member) commented Nov 27, 2024

The work done under #3379 only changed the parameters on static build hosts, not the dockerhost systems used on Linux for running build containers. This issue should cover applying similar restrictions to those so that we can have the same isolation there. This will likely require further jobs to be on the allow list, such as the centos7_docker_image_updater job.

For reference, the original list that we added to most UNIX-based systems was build-scripts/jobs/.*|build-scripts-pr-test/build-test/jobs/.*|SXA-processCheck.*

Proposed new list: centos7_docker_image_updater.*|openjdk_build_docker_multiarch.*|build-scripts/jobs/.*|DockerFileCheck.*|build-scripts-pr-tester/build-test/jobs/.*adoptium-packages-linux-pipeline_new.*|sfr-build.* (sfr_build is temporary while the new installer process is tested)

Excluding the azure dynamic ones currently provisioned, and the PLCTLab RISC-V ones (which aren't used, and I'll remove the labels from them), the current list of systems to be covered by this is at https://ci.adoptium.net/label/build&&dockerBuild/ and is as follows:

Host                                    Changed?
build-marist-rhel8-s390x-1              Yes (rhel7 updater instead of centos7)
docker-osuosl-ubuntu2004-ppc64le-1      Yes
dockerhost-azure-ubuntu2204-x64-1       Yes
dockerhost-equinix-ubuntu2204-armv8-1   Yes
dockerhost-equinix-ubuntu2404-armv8-1   Yes
dockerhost-skytap-ubuntu2004-ppc64le-1  Yes
dockerhost-skytap-ubuntu2204-x64-1      Yes
@sxa sxa added the secure-dev Issues specific to SSDF/SLSA compliance work label Nov 27, 2024
@sxa sxa added this to the 2024-11 (November) milestone Nov 27, 2024
sxa (Member, Author) commented Nov 27, 2024

@steelhead31 Will we need additional jobs whitelisted here for any of the installer jobs? (Or anything else I've missed?)

steelhead31 (Contributor) commented

@sxa, yes, we'll need the adoptium-packages-linux-pipeline_new job adding, alongside whatever its replacement is called :). I'll add them when I get a bit closer to production. I've temporarily added the string for my development process to a couple of hosts, but I'll formalise it a little more once the process is a bit closer to ready.

sxa (Member, Author) commented Nov 27, 2024

> we'll need the adoptium-packages-linux-pipeline_new job adding,

I've added that one to the three machines (x64 and ppc64le) that I've made the change on so far. We can test during this week's EA build cycle and see if anything is missed. (I think you may have already corrected it, but I changed your expression to have .* at the end instead of just *.) The wildcard at the start shouldn't be needed for jobs that aren't in folders.
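
The following is an added worked example, not code from this issue or from the Adoptium infrastructure repository. It shows how a Job Restrictions allow-list expression of the kind discussed in this thread behaves against job names, and why the trailing `.*` (rather than `*`) and the absence of a leading wildcard matter. Assumptions: the plugin's regex name restriction performs a full match of the expression against the job's full name, folder path included (so the expression is effectively anchored at both ends), and the allow list `DOCKERHOST_ALLOW`, the sample job names and the helper functions `job_allowed` and `triage` are constructed for this example, modelled on the job families named above.

```python
import re

# Constructed allow list modelled on the job families named in this issue
# (assumption: one alternative per job family, joined with "|").
DOCKERHOST_ALLOW = (
    "centos7_docker_image_updater.*"
    "|openjdk_build_docker_multiarch.*"
    "|build-scripts/jobs/.*"
    "|DockerFileCheck.*"
    "|build-scripts-pr-tester/build-test/jobs/.*"
    "|adoptium-packages-linux-pipeline_new.*"
    "|sfr-build.*"
)


def job_allowed(allow_regex: str, full_job_name: str) -> bool:
    """Return True if a node carrying allow_regex would accept the job.

    Assumption: the Job Restrictions plugin compares the expression against the
    job's full name (folders included) with a full match, so the expression is
    implicitly anchored at both ends. re.fullmatch reproduces that for the simple
    patterns used here; java.util.regex and Python differ on exotic syntax, so
    keep allow lists to literals, '.', '*' and '|'.
    """
    return re.fullmatch(allow_regex, full_job_name) is not None


def triage(allow_regex: str, job_names):
    """Split candidate job names into (allowed, rejected) for review before rollout."""
    allowed = [j for j in job_names if job_allowed(allow_regex, j)]
    rejected = [j for j in job_names if not job_allowed(allow_regex, j)]
    return allowed, rejected


# Constructed sample of job names; not taken from the live controller.
SAMPLE_JOBS = [
    "build-scripts/jobs/jdk21u/jdk21u-linux-x64-temurin",  # folder job under build-scripts
    "centos7_docker_image_updater",                        # top-level job, no suffix
    "sfr-build-installer",
    "adoptium-packages-linux-pipeline_new",
    "untrusted/build-scripts/jobs/anything",               # different prefix: rejected
    "build-scripts-pr-tester/build-test/jobs/pr-123",
    "DockerFileCheck",
    "somebody-else-pipeline",                              # not on the list: rejected
]

if __name__ == "__main__":
    ok, denied = triage(DOCKERHOST_ALLOW, SAMPLE_JOBS)
    print("allowed:", ok)
    print("rejected:", denied)
    # '*' versus '.*' at the end: 'sfr-build*' only repeats the final 'd',
    # so under a full match it never accepts 'sfr-build-installer'.
    print(job_allowed("sfr-build*", "sfr-build-installer"))   # False
    print(job_allowed("sfr-build.*", "sfr-build-installer"))  # True
```

Because the match is anchored at the start, a job created under some other folder (`untrusted/build-scripts/jobs/...`) is rejected even though its tail looks like an allowed path; that is the property that makes the allow list an isolation control rather than a naming convention, and it is also why a leading `.*` should only be added deliberately.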

sxa (Member, Author) commented Nov 29, 2024

> I've added that one to the three machines (x64 and ppc64le)

@adamfarley @andrew-m-leonard I don't think we've seen any issues with this change, so if you agree and we don't see any issues with these two platforms I'll implement it on the other linux dockerhosts next week (so happy to wait until any specific triage activities that happen on Monday).

@sxa sxa self-assigned this Nov 29, 2024
@sxa sxa moved this to In Progress in 2024 4Q Adoptium Plan Nov 29, 2024
sxa (Member, Author) commented Dec 3, 2024

Done on all systems now.

@sxa sxa closed this as completed Dec 3, 2024
@github-project-automation github-project-automation bot moved this from In Progress to Done in 2024 4Q Adoptium Plan Dec 3, 2024
Haroon-Khel (Contributor) commented Jan 9, 2025

On the machine config of the machines listed in #3826 (comment), I've added |build_sign_sbom_libraries.* to the list to allow that job to run on these machines.
