Move away from using a daemonset to serve the docker socket #1940

Open
@yuvipanda


When I first set it up, I made the docker socket for builds a unix socket for the following reasons:

  1. It allowed us to re-use the existing docker socket used by k8s on the machine, allowing a no-registry approach
  2. The only real way to secure a tcp docker socket is via a CA, which was... complicated.
  3. It allowed for rudimentary load balancing of the build pods

(1) is no longer the case for like years now, as docker is no longer used by kubernetes.

(2) is easier now (see https://helm.sh/docs/chart_template_guide/function_list/#genprivatekey and friends).

Doing this would allow us to simplify our operational model - we can have a single docker daemon that's doing builds instead of a large number. And we can do load balancing by switching to https://docs.docker.com/build/builders/drivers/kubernetes/.

So let's move away from the daemonset to a deployment + service for dind!
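
An added example (not part of the original issue or the project's chart) of how point (2) could look: a Helm template that creates a private CA plus server and client certificates for a TCP dind endpoint using `genCA` and `genSignedCert`. The Secret name `dind-tls`, the Service name `dind` and the client CN `build-client` are assumptions.

```yaml
{{- /* Added example; "dind-tls", "dind" and "build-client" are assumed names. */ -}}
{{- $name := "dind-tls" -}}
{{- $svc := printf "dind.%s.svc" .Release.Namespace -}}
{{- /* lookup returns an empty map on first install and under `helm template`. */ -}}
{{- $existing := lookup "v1" "Secret" .Release.Namespace $name -}}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $name }}
type: Opaque
data:
{{- if $existing }}
  {{- /* Reuse stored material so `helm upgrade` does not silently rotate the CA
         and break clients that still hold certificates from the old one. */}}
  {{- range $k, $v := $existing.data }}
  {{ $k }}: {{ $v }}
  {{- end }}
{{- else }}
  {{- $ca := genCA "dind-ca" 365 }}
  {{- /* Server cert: SANs must match the name build pods use to reach the Service. */}}
  {{- $server := genSignedCert $svc (list) (list "dind" $svc) 365 $ca }}
  {{- /* Client cert: the daemon accepts any client cert signed by this CA. */}}
  {{- $client := genSignedCert "build-client" (list) (list) 365 $ca }}
  ca.pem: {{ $ca.Cert | b64enc }}
  server-cert.pem: {{ $server.Cert | b64enc }}
  server-key.pem: {{ $server.Key | b64enc }}
  cert.pem: {{ $client.Cert | b64enc }}
  key.pem: {{ $client.Key | b64enc }}
{{- end }}
```

The daemon side would start `dockerd` with `--tlsverify --tlscacert --tlscert --tlskey` pointing at the server files, and build pods would set `DOCKER_TLS_VERIFY=1` and `DOCKER_CERT_PATH` to a directory holding `ca.pem`, `cert.pem` and `key.pem`. Mount the Secret into build pods with an `items` projection limited to those three keys so the server key never reaches a client.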
