Replace build system with a Bazel-based one
This pins our external dependencies and introduces a mostly-hermetic build where all dependencies are explicitly declared and rebuilt if needed.
Necessary prerequisite for a proper CI workflow. Since Bazel can cache build artifacts, we can remove the hardcoded binary artifacts from the repo.
As suggested in our discussions, the genrule that builds mkfs.xfs is basically doing the same as the previous build_artifacts.sh script (see source code comments for rationale).
The main issue at this point is that the `build/linux_kernel:image` target rebuilds the kernel each time any of its inputs (like cmd/init)
change. This is very hard to fix without compromising on hermeticity, porting kbuild to Bazel (no thanks) or injecting the initramfs into the
kernel image in a separate rule (might just work, but the kernel build rule would either have custom code, or a massive set of outputs).
Perhaps we could use a separate initramfs for development? Or deliberately poke holes into Bazel's sandbox to reuse the kernel build?
Test Plan:
Run this in a fresh container with empty Bazel cache:
    bazelisk run scripts:launch
... and watch as Bazel rebuilds the world.
X-Origin-Diff: phab/D197
GitOrigin-RevId: 21eea0e213a50e1c4ad25b2ac2bb87c53e36ea6d
diff --git a/BUILD b/BUILD
new file mode 100644
index 0000000..555b968
--- /dev/null
+++ b/BUILD
@@ -0,0 +1,41 @@
+load("@bazel_gazelle//:def.bzl", "gazelle")
+
+# gazelle:prefix git.monogon.dev/source/smalltown.git
+gazelle(name = "gazelle")
+
+genrule(
+    name = "image",
+    srcs = [
+        "@//cmd/mkimage",
+        "@//build/linux_kernel:image",
+    ],
+    outs = [
+        "smalltown.img",
+    ],
+    cmd = """
+    $(location @//cmd/mkimage) $(location @//build/linux_kernel:image) $@
+    """,
+    visibility = ["//visibility:public"],
+)
+
+genrule(
+    name = "swtpm_data",
+    outs = [
+        "tpm/tpm2-00.permall",
+    ],
+    cmd = """
+    mkdir tpm
+
+    swtpm_setup \
+        --tpmstate tpm \
+        --create-ek-cert \
+        --create-platform-cert \
+        --allow-signing \
+        --tpm2 \
+        --display \
+        --pcr-banks sha1,sha256,sha384,sha512
+
+    cp tpm/tpm2-00.permall $@
+    """,
+    visibility = ["//visibility:public"],
+)
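Review bot: In the `swtpm_data` genrule, `cmd` invokes `swtpm_setup` from the host PATH without declaring it under `tools` or as an external dependency, so the result depends on whichever swtpm the build machine has installed, which works against the pinned, mostly-hermetic build the commit message describes. Either declare the binary as a dependency or add a source comment giving the rationale for accepting the host tool, as the message says was done for the mkfs.xfs genrule. The rule also has no inputs while `--create-ek-cert` and `--create-platform-cert` generate fresh TPM state, so the output is not reproducible and a cached `tpm/tpm2-00.permall` would be reused by every build hitting the same cache; a comment stating whether this state is meant to be shared would help. Separately, in the `image` genrule `@//cmd/mkimage` is executed in `cmd` but listed in `srcs`; a binary that runs during the build belongs in `tools` so it is built for the execution platform.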