ci(bump automation): bump ubi9 for ironbank (#112298)

### What

Enable updatecli
[policies](https://www.updatecli.io/blog/shareable-policies) to bump the
Ironbank versions automatically, then 
https://github.com/elastic/elasticsearch/pull/111743 won't be manually
created but when a new ubit9 version is released and available in the
Ironbank system.

Those policies can be found at
[elastic/oblt-updatecli-policies@main/updatecli/policies/](https://github.com/elastic/oblt-updatecli-policies/tree/main/updatecli/policies/?rgh-link-date=2024-08-28T16%3A30%3A04Z)
(NOTE: This is a private repository only accessible by Elastic
employees)

#### How to test this PR locally

1. `gh pr checkout 112298`
2. Install [updatecli](https://www.updatecli.io/docs/prologue/installation/)
3. Login to [ghcr.io](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-to-the-container-registry)
4. Diff (dry-run)

```bash
$ GITHUB_TOKEN=$(gh auth token) updatecli compose diff --experimental
```

5. Create Pull Request if new changes

```bash
$ GITHUB_REPOSITORY=elastic/elasticsearch \
   GITHUB_ACTOR=v1v \
   GITHUB_TOKEN=$(gh auth token) \
updatecli compose apply --experimental
```

.github/updatecli/values.d/ironbank.yml

@@ -0,0 +1,3 @@
+config:
+  - path: distribution/docker/src/docker/iron_bank
+    dockerfile: ../Dockerfile

.github/updatecli/values.d/scm.yml

@@ -0,0 +1,10 @@
+scm:
+  enabled: true
+  owner: elastic
+  repository: elasticsearch
+  branch: main
+  commitusingapi: true
+  # begin updatecli-compose policy values
+  user: elasticmachine
+  email: 42973632+elasticmachine@users.noreply.github.com
+  # end updatecli-compose policy values

.github/updatecli/values.d/updatecli-compose.yml

@@ -0,0 +1,3 @@
+spec:
+  files:
+    - "updatecli-compose.yaml"

.github/workflows/updatecli-compose.yml

@@ -0,0 +1,38 @@
+---
+name: updatecli-compose
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 6 * * *'
+
+permissions:
+  contents: read
+
+jobs:
+  compose:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: read
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: elastic/oblt-actions/updatecli/run@v1
+        with:
+          command: --experimental compose diff
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: elastic/oblt-actions/updatecli/run@v1
+        with:
+          command: --experimental compose apply
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

updatecli-compose.yaml

@@ -0,0 +1,14 @@
+# Config file for `updatecli compose ...`.
+# https://www.updatecli.io/docs/core/compose/
+policies:
+  - name: Handle ironbank bumps
+    policy: ghcr.io/elastic/oblt-updatecli-policies/ironbank/templates:0.3.0@sha256:b0c841d8fb294e6b58359462afbc83070dca375ac5dd0c5216c8926872a98bb1
+    values:
+      - .github/updatecli/values.d/scm.yml
+      - .github/updatecli/values.d/ironbank.yml
+
+  - name: Update Updatecli policies
+    policy: ghcr.io/updatecli/policies/autodiscovery/updatecli:0.4.0@sha256:254367f5b1454fd6032b88b314450cd3b6d5e8d5b6c953eb242a6464105eb869
+    values:
+      - .github/updatecli/values.d/scm.yml
+      - .github/updatecli/values.d/updatecli-compose.yml