[ci] do not push latest docker tag if the release is not the most recent one (#14671)

[efaure]

Do not push latest tag if the release is not the last one

Closes #14671

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 32.35%. Comparing base (4096009) to head (00e2d38).
⚠️ Report is 36 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #14670      +/-   ##
==========================================
- Coverage   32.36%   32.35%   -0.01%     
==========================================
  Files        3097     3097              
  Lines      210976   211020      +44     
  Branches    38233    38253      +20     
==========================================
  Hits        68280    68280              
- Misses     142696   142740      +44     

Flag	Coverage Δ
opencti-client-python	45.48% <ø> (ø)
opencti-front	2.82% <ø> (-0.01%)	⬇️
opencti-graphql	67.73% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[efaure]

fyi @labo-flg I fixed some copy paste error.

[Copilot]

Pull request overview

Updates the CircleCI Docker release pipeline to prevent FIPS latest-* tags from being overwritten when releasing an older (backport) version tag, aligning FIPS behavior with the existing non-FIPS image logic.

Changes:

• Determine the most recent semantic Git tag at build time in FIPS docker release jobs.
• Only add/push latest-fips tags when CIRCLE_TAG matches the most recent semantic version.
• Apply the same conditional-tagging logic for both DockerHub and GHCR targets (platform + worker).