release-23.2: build: use docker buildx imagetools for multi-arch manifest creation

[rail]

Backport 1/1 commits from #164559.

/cc @cockroachdb/release

---

Newer Docker versions (as shipped with Ubuntu 24.04) create OCI image indexes even for single-architecture builds. docker manifest create refuses to accept a manifest list as a source, causing failures like:

us-docker.pkg.dev/.../cockroach:amd64-v26.1.0-rc.1-... is a manifest list

Add a create_and_push_multi_arch_manifest helper to teamcity-support.sh that uses docker buildx imagetools create, which handles both plain manifests and OCI image indexes as sources. Falls back to the old docker manifest create flow if buildx is unavailable.

Update all release scripts to use the new helper. In publish-staged-cockroach-release.sh, also drop GCR latest/latest-branch manifests that were created but never pushed (dead code), and restructure DockerHub latest/latest-branch creation to only happen when the manifest will actually be pushed, since buildx imagetools create pushes immediately.

Epic: None
Release note: None

Release justification: release automation changes

[blathers-crl]

⚠️ End-of-Life Version Warning

This backport targets 23.2, which is an End-of-Life (EOL) version.

Please verify that backporting to this EOL version is intentional and appropriate. EOL versions no longer receive maintenance updates according to our support policy.

---

Thanks for opening a backport.

Before merging, please confirm that it falls into one of the following categories (select one):

• Non-production code changes OR fixes for serious issues. Non-production includes test-only changes, build system changes, etc. Serious issues are defined in the policy as correctness, stability, or security issues, data corruption/loss, significant performance regressions, breaking working and widely used functionality, or an inability to detect and debug production issues.
• Other approved changes. These changes must be gated behind a disabled-by-default feature flag unless there is a strong justification not to. Reference the approved ENGREQ ticket in the PR body (e.g., "Fixes ENGREQ-123").

Add a brief release justification to the PR description explaining your selection.

Also, confirm that the change does not break backward compatibility and complies with all aspects of the backport policy.

All backports must be reviewed by the TL and EM for the owning area.

[cockroach-teamcity]

This change is 

[blathers-crl]

✅ PR #164569 is compliant with backport policy

Confidence: high
Backward compatible: true
Explanation: This PR primarily modifies scripts and tools used within the build and release process of CockroachDB, focusing on adapting to new Docker behaviors in newer versions of the software. This includes changes that do not impact the core functioning or stability of the database system, hence these files are deemed non-production code.

The changes are localized to scripts within the 'build' and 'teamcity' directories (e.g., 'teamcity-support.sh' and 'build-cockroach-release-docker.sh'), which match non-production file patterns specified in the backport policy. Thus, these updates are exempt from the standard backport policy that requires bug fixes or feature flag applications.

Moreover, the PR includes a 'Release justification: release automation changes', asserting that the changes facilitate release automation improvements. Even though these changes are non-production, this justification reaffirms their backport compatibility and compliance.

❌ ENGREQ Check Failed: Please check one of the backport category checkboxes.

_{🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf.}