releng - move c7n, c7n-org, c7n-mailer to wolfi #9392

Open
wants to merge 2 commits into
base: main
Conversation

kapilt
Collaborator

@kapilt kapilt commented Mar 28, 2024

This moves all custodian images to wolfi:

  • c7n
  • org
  • mailer
  • policystream

This drops OpenStack in the base image, and removes the optional psutil package; effectively, any package that requires compilation due to a dependency not publishing wheels (OpenStack still depends on the unmaintained netifaces, and psutil doesn't publish arm64 Linux wheels).

scan result

❯ grype c7n-wolfi
 ✔ Vulnerability DB                [no update available]  
 ✔ Loaded image                                                                                                                                     c7n-wolfi:latest
 ✔ Parsed image                                                                              sha256:1288cdd836495f73b832f8989c33a3c6782f8f83105d881fc3f9ecaa1c618722
 ✔ Cataloged contents                                                                               2b399ab97aa1426baca578b77ba88231d5abbddd421a2dcd7dfd8f04d136f34b
   ├── ✔ Packages                        [241 packages]  
   ├── ✔ File digests                    [2,163 files]  
   ├── ✔ File metadata                   [2,163 locations]  
   └── ✔ Executables                     [220 executables]  
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]  
   ├── by severity: 0 critical, 0 high, 0 medium, 0 low, 0 negligible
   └── by status:   0 fixed, 0 not-fixed, 0 ignored 
No vulnerabilities found
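
The scan at the end of the description is the check that matters for a base-image move like this. The script below is an added example, not code from the cloud-custodian PR or from grype itself: it turns the same report, in grype's JSON form (`grype IMAGE -o json`), into a CI gate that fails on any match at or above a chosen severity. It assumes grype's JSON layout (a top-level `matches` list whose entries carry `vulnerability.id`, `vulnerability.severity`, `vulnerability.fix.state` and `artifact.name`/`artifact.version`); the two reports embedded in it are constructed for the demo and the CVE ids in them are placeholders.

```python
"""Policy gate over a grype JSON report.

Added example, not part of the PR above. Assumes grype's ``-o json`` shape:
a top-level "matches" list, each entry with "vulnerability" {"id",
"severity", "fix": {"state", "versions"}} and "artifact" {"name", "version"}.
"""
import json
import sys
from collections import Counter

# grype severities, least to most serious. "unknown" is ranked worst so an
# unscored finding cannot slip past the gate by having no severity at all.
SEVERITY_ORDER = ["negligible", "low", "medium", "high", "critical", "unknown"]


def severity_rank(severity):
    """Position of a grype severity string in SEVERITY_ORDER (case-insensitive)."""
    s = (severity or "unknown").lower()
    return SEVERITY_ORDER.index(s if s in SEVERITY_ORDER else "unknown")


def summarize(report):
    """Count matches per severity, like grype's 'by severity' summary line."""
    return Counter(
        (m["vulnerability"].get("severity") or "unknown").lower()
        for m in report.get("matches", [])
    )


def offending(report, fail_on="high", fixed_only=False):
    """Return one description line per match at or above `fail_on`.

    With fixed_only=True, only matches grype marks as having a fix are kept,
    which is the usual setting when the team wants to block only on what it
    can actually remediate by bumping a package.
    """
    threshold = severity_rank(fail_on)
    out = []
    for m in report.get("matches", []):
        vuln = m["vulnerability"]
        if severity_rank(vuln.get("severity")) < threshold:
            continue
        if fixed_only and vuln.get("fix", {}).get("state") != "fixed":
            continue
        art = m["artifact"]
        out.append(f'{vuln["id"]} {vuln.get("severity", "unknown")} in {art["name"]}@{art["version"]}')
    return out


def gate_text(text, fail_on="high", fixed_only=False):
    """Parse a grype JSON document; return (passed, severity summary, offending lines)."""
    report = json.loads(text)
    bad = offending(report, fail_on, fixed_only)
    return (len(bad) == 0, summarize(report), bad)


# Constructed sample reports (not real grype output); CVE ids are placeholders.
CLEAN_REPORT = json.dumps({"matches": []})
DIRTY_REPORT = json.dumps({"matches": [
    {"vulnerability": {"id": "CVE-EXAMPLE-0001", "severity": "High",
                       "fix": {"state": "fixed", "versions": ["1.2.4"]}},
     "artifact": {"name": "libexample", "version": "1.2.3"}},
    {"vulnerability": {"id": "CVE-EXAMPLE-0002", "severity": "Low",
                       "fix": {"state": "not-fixed", "versions": []}},
     "artifact": {"name": "othertool", "version": "0.9"}},
    {"vulnerability": {"id": "CVE-EXAMPLE-0003", "severity": "Critical",
                       "fix": {"state": "not-fixed", "versions": []}},
     "artifact": {"name": "legacylib", "version": "2.0"}},
]})


if __name__ == "__main__":
    # Usage: grype c7n-wolfi -o json | python gate.py [fail_on]
    passed, summary, bad = gate_text(sys.stdin.read(), *sys.argv[1:2])
    print("by severity:", dict(summary) or "no matches")
    for line in bad:
        print("FAIL", line)
    sys.exit(0 if passed else 1)
```

Run it against the real report with `grype c7n-wolfi -o json | python gate.py high`; a clean image like the one in the scan above yields an empty summary and exit status 0, which is what a release job should key on rather than on the human-readable table.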

@kapilt
Collaborator Author

kapilt commented Mar 29, 2024

I think there is a separate open question on whether we should move away from an omnibus image in favor of provider-specific images. Azure bloat adds 500 MB to an image; an AWS- and GCP-only image would be about 200 MB, whereas combined is about 900 MB.
