Fix cloudformation lint job

The dockerfile we were using in the cfn-python-lint repo wasn't actually pinned to the version associated with the git tag, it always installs the latest version.
A recent release consolidated error rules regarding invalid values.
We use an invalid "us-test-1" region and zones in much of our testing.
We used to be able to ignore this "invalid AZ" error, but now we would need to ignore all invalid values for all resource properties.
This pins cfn-python-lint to an older version but we'll have to figure out how we want to handle this longer term.

hack/cfn-lint.Dockerfile

@@ -0,0 +1,4 @@
+FROM python:3.8-alpine
+ARG CFNLINT_VERSION
+RUN pip install "cfn-lint==${CFNLINT_VERSION}" pydot
+ENTRYPOINT ["cfn-lint"]

hack/verify-cloudformation.sh

@@ -27,12 +27,7 @@ IMAGE="cfn-python-lint:${TAG}"
 # https://github.com/aws-cloudformation/cfn-python-lint/issues/1025
 function docker_build() {
   echo "Building cfn-python-lint image"
-  TMP=$(mktemp -d)
+  docker build --build-arg "CFNLINT_VERSION=${TAG}" --tag "${IMAGE}" - < "${KOPS_ROOT}/hack/cfn-lint.Dockerfile"
-  git clone -q -b "${TAG}" https://github.com/aws-cloudformation/cfn-python-lint "${TMP}"
-  pushd "${TMP}"
-  docker build --tag "${IMAGE}" .
-  popd
-  rm -rf "${TMP}"
 }
 
 docker image inspect "${IMAGE}" >/dev/null 2>&1 || docker_build