TUN-5551: Change internally published debian package to be FIPS compliant

This changes existing Makefile targets to make it obvious that they are
used to publish debian packages for internal Cloudflare usage. Those are
now FIPS compliant, with no alternative provided. This only affects amd64
builds (and we only publish internally for Linux).

This new Makefile target is used by all internal builds (including nightly
that is used for e2e tests).

Note that this Makefile target renames the artifact to be just `cloudflared`
so that this is used "as is" internally, without expecting people to opt-in
to the new `cloudflared-fips` package (as we are giving them no alternative).

Makefile

@@ -156,6 +156,10 @@ endef
 cloudflared-deb: cloudflared
 	$(call build_package,deb)
 
+.PHONY: cloudflared-internal-deb
+cloudflared-internal-deb: cloudflared-deb
+	bash -c 'for f in cloudflared-fips_*.deb; do mv -- "$$f" "$${f/-fips/}"; done'
+
 .PHONY: cloudflared-rpm
 cloudflared-rpm: cloudflared
 	$(call build_package,rpm)

cfsetup.yaml

@@ -82,9 +82,9 @@ stretch: &stretch
       - export GOOS=linux
       - export GOARCH=amd64
       - make cloudflared-deb
-  build-fips-deb:
+  build-fips-internal-deb:
     build_dir: *build_dir
-    builddeps:
+    builddeps: &build_fips_deb_deps
       - *pinned_go_fips
       - build-essential
       - fakeroot
@@ -93,15 +93,16 @@ stretch: &stretch
       - export GOOS=linux
       - export GOARCH=amd64
       - export FIPS=true
-      - make cloudflared-deb
-  build-deb-nightly:
+      - make cloudflared-internal-deb
+  build-fips-internal-deb-nightly:
     build_dir: *build_dir
-    builddeps: *build_deb_deps
+    builddeps: *build_fips_deb_deps
     post-cache:
       - export GOOS=linux
       - export GOARCH=amd64
       - export NIGHTLY=true
-      - make cloudflared-deb
+      - export FIPS=true
+      - make cloudflared-internal-deb
   build-deb-arm64:
     build_dir: *build_dir
     builddeps: *build_deb_deps