
bloodhound: move FIPS checks to all variants with runtime detection #937

Open
sky1122 wants to merge 1 commit into bottlerocket-os:develop from sky1122:runtime-fips-check

Conversation

@sky1122 (Contributor) commented May 29, 2026

Description of changes:
The FIPS compliance checks were previously packaged separately and only installed on FIPS-specific variants. This prevented runtime FIPS detection on standard variants where FIPS may be enabled at boot via the kernel flag.

Testing done:
Testing with #918

  • before FIPS is turned on
Unable to parse checker metadata from "/usr/libexec/fips-checks/bottlerocket/fips01030000"
Benchmark name:  FIPS Security Policy
Version:         v1.0.0
Reference:       https://csrc.nist.gov/
Benchmark level: 1
Start time:      2026-05-29T21:39:56.860782438Z

[SKIP] 1.0       FIPS mode is enabled. (Automatic)
[SKIP] 1.1       FIPS module is Amazon Linux 2023 Kernel Cryptographic API. (Automatic)
[SKIP] 1.2       FIPS self-tests passed. (Automatic)

Passed:          0
Failed:          0
Skipped:         3
Total checks:    3

Compliance check result: SKIP
Warning: No checks were able to run
bash-5.2# exit
exit
[root@admin]# apiclient get os
{
  "os": {
    "arch": "x86_64",
    "build_id": "f0dfc999-dirty",
    "pretty_name": "Bottlerocket OS 1.58.0 (aws-k8s-1.33)",
    "variant_id": "aws-k8s-1.33",
    "version_id": "1.58.0"
  }
}
[root@admin]#
  • after FIPS is turned on
Unable to parse checker metadata from "/usr/libexec/fips-checks/bottlerocket/fips01030000"
Benchmark name:  FIPS Security Policy
Version:         v1.0.0
Reference:       https://csrc.nist.gov/
Benchmark level: 1
Start time:      2026-05-29T21:44:50.491009381Z

[PASS] 1.0       FIPS mode is enabled. (Automatic)
[PASS] 1.1       FIPS module is Amazon Linux 2023 Kernel Cryptographic API. (Automatic)
[PASS] 1.2       FIPS self-tests passed. (Automatic)

Passed:          3
Failed:          0
Skipped:         0
Total checks:    3

Compliance check result: PASS

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

The FIPS compliance checks were previously packaged separately and only
installed on FIPS-specific variants. This prevented runtime FIPS
detection on standard variants where FIPS may be enabled at boot via
the kernel flag.

Signed-off-by: Jingwei Wang <jweiw@amazon.com>
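As an added example (not code from this PR, from bloodhound, or from Bottlerocket), the runtime detection the description refers to can be done in POSIX sh by reading the kernel's FIPS sysctl and boot command line. The two kernel interfaces (/proc/sys/crypto/fips_enabled and /proc/cmdline) are standard Linux; the function names, the PASS/FAIL/SKIP policy and the sample file contents are assumptions made for this example, not how bloodhound grades its checks.

```shell
#!/bin/sh
# Added example, not bloodhound's or Bottlerocket's own code: a minimal
# runtime FIPS-mode detector in POSIX sh. The kernel interfaces it reads
# are standard Linux; the function names and the PASS/FAIL/SKIP policy
# below are this example's own assumptions.

# fips_status SYSCTL_FILE CMDLINE_FILE
#   PASS  the kernel reports FIPS mode on (fips_enabled reads 1)
#   FAIL  fips=1 was requested on the kernel command line but the kernel
#         does not report FIPS mode (sysctl absent or reading 0, e.g. a
#         kernel built without CONFIG_CRYPTO_FIPS)
#   SKIP  FIPS was neither requested nor enabled on this boot, so there
#         is nothing to verify
fips_status() {
  sysctl_file=$1
  cmdline_file=$2
  enabled=""
  if [ -r "$sysctl_file" ]; then
    # "|| true" keeps an empty file from aborting callers that use set -e
    read -r enabled < "$sysctl_file" || true
  fi
  requested=0
  # fips=1 must be a whole token; fips=10 or nofips=1 must not match
  if [ -r "$cmdline_file" ] &&
     grep -qE '(^|[[:space:]])fips=1([[:space:]]|$)' "$cmdline_file"; then
    requested=1
  fi
  case "$enabled" in
    1) echo PASS ;;
    *) if [ "$requested" -eq 1 ]; then echo FAIL; else echo SKIP; fi ;;
  esac
}

# Convenience wrapper for a live host: reads the real kernel interfaces.
fips_check_host() {
  fips_status /proc/sys/crypto/fips_enabled /proc/cmdline
}

# fips_demo: runs fips_status against constructed files that imitate the
# two states shown in the PR description (FIPS off on a standard variant,
# then FIPS on after booting with fips=1) plus a misconfigured boot.
# The file contents are constructed for this example, not captured from
# a Bottlerocket host.
fips_demo() {
  d=$(mktemp -d) || return 1
  printf '0\n' > "$d/fips_off"
  printf '1\n' > "$d/fips_on"
  printf 'BOOT_IMAGE=/boot/vmlinuz root=/dev/dm-0 console=ttyS0\n' > "$d/cmdline_plain"
  printf 'BOOT_IMAGE=/boot/vmlinuz root=/dev/dm-0 fips=1 console=ttyS0\n' > "$d/cmdline_fips"
  printf 'before: %s\n' "$(fips_status "$d/fips_off" "$d/cmdline_plain")"  # SKIP
  printf 'after:  %s\n' "$(fips_status "$d/fips_on" "$d/cmdline_fips")"    # PASS
  printf 'broken: %s\n' "$(fips_status "$d/fips_off" "$d/cmdline_fips")"   # FAIL
  rm -rf "$d"
}

fips_demo
```

On a real host, call fips_check_host instead of fips_demo; a SKIP there means the kernel was not asked for FIPS mode on this boot, which is the state the "before" run above shows, while a FAIL means fips=1 was on the command line but the kernel is not actually in FIPS mode and should be investigated rather than skipped.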