Define owner(s) for each Dockerfile

[MichaelSimons]

There is a need to identify the owner(s) of the build tools Dockerfiles. The owner will be contacted/assigned issues in the following scenarios:

1. When there is a build break.
2. When there is a fixable vulnerability that requires a code change (e.g. a simple rebuild will not address).

Considerations:

1. Where to define the owner? CODEOWNERS feels like a natural mechanism. The manifest.json could be modified to support this as well.
2. Are teams allowed? Issues cannot be assigned to an issue. You could assign issues to all members of a team but that doesn't provide a great dev UX.
3. Validation should be created to ensure all Dockerfiles have an owner defined.

Related to #972

[ellahathaway]

@MichaelSimons - do both scenarios occur in runs of the following pipelines? https://dev.azure.com/dnceng/internal/_build?definitionScope=%5Cdotnet%5Cdotnet-buildtools-prereqs-docker

I would imagine that scenario 1 does (I found a few closed issues to support this assumption), but I'm not sure if scenario 2 does. I'm assuming that if there's is a vulnerability that requires a code change that it would appear in the component detection step, but I wanted to double check.

[MichaelSimons]

do both scenarios occur in runs of the following pipelines?

No the second scenario is the goal (see #1150). This isn't feasible yet until the EOL Annotations feature lands as there is too much noise in the vulnerability reports.

[ellahathaway]

Are teams allowed? Issues cannot be assigned to an issue. You could assign issues to all members of a team but that doesn't provide a great dev UX.

See #1153 (comment)

The policy will be to ping a team on an issue over an individual.

Assigning individuals can get tricky if someone is OOF or non-responsive. In that instance, we'd have to track down the team they belong to and ping them anyways.