chore(ci): ensure local dev env use local tools.

[Zenithar]

What does this PR do?

• Alters existing functionality
• Improves documentation or testing

Ensures the Makefile installs all tools locally (under `bin/tools/`) and invokes them from that local path, rather than relying on globally-installed binaries in `$(GOBIN)` / `$(GOPATH)/bin`.

Changes

Local tool installation

• Introduce `LOCALBIN = $(shell pwd)/bin/tools` and per-tool path variables (`CONTROLLER_GEN`, `HELM`, `GOLANGCI_LINT`, etc.)
• All `install-*` targets now write binaries into `$(LOCALBIN)` instead of `$(GOBIN)`
• All tool invocation sites updated to use the path variables
• `bin/tools/` and `bin/protoc-include/` added to `.gitignore`
• New `install-tools` umbrella target bootstraps all tools in one command

SHA256 integrity checks

• Switch `install-golangci-lint` from the piped install script to a direct archive download with SHA256 verification
• All curl-based installs (`golangci-lint`, `helm`, `mockery`, `yamlfmt`, `watchexec`) now verify the downloaded archive against hardcoded checksums sourced from each project's official release checksums file
• Portable verification command: `sha256sum` on Linux, `shasum -a 256` on macOS
• `watchexec`: replaced `brew install` with a reproducible curl-based install from GitHub releases

Skip reinstall when already at correct version

• Version-probe variables for all tools reference `$(LOCALBIN)/tool` instead of PATH
• `install-protobuf`, `install-kubebuilder`, `install-datadog-ci` now guarded (previously always re-ran)
• `install-yamlfmt`, `install-watchexec` upgraded from file-existence-only to version comparison where possible
• `yamlfmt` v0.9.0 has no `--version` flag; guarded by file existence

protoc / protobuf toolchain

• `protoc-gen-go` and `protoc-gen-go-grpc` promoted to first-class tools: dedicated `install-protoc-gen-go` / `install-protoc-gen-go-grpc` targets with version guards
• `generate-disruptionlistener-protobuf` and `generate-chaosdogfood-protobuf` declare install targets as prerequisites instead of inlining `go install`
• Pass `--proto_path=$(PROTOC_INCLUDE)` so well-known types (`google/protobuf/empty.proto` etc.) resolve correctly

Codegen targets

• Rename `generate` → `generate-controller` (generates deepcopy/object code via controller-gen)
• New `generate` umbrella: `generate-controller manifests generate-mocks generate-disruptionlistener-protobuf generate-chaosdogfood-protobuf`

CI (`.github/workflows/ci.yml`)

• `validate-codegen` job now runs `make generate-controller` and checks for drift

Code Quality Checklist

• The documentation is up to date.
• My code is sufficiently commented and passes continuous integration checks.
• I have signed my commit (see Contributing Docs).

Testing

• I leveraged continuous integration testing
  • by depending on existing `unit` tests or `end-to-end` tests.
• I manually tested the following steps:
  • `make install-tools` installs all tools under `bin/tools/` with SHA256 verification
  • Re-running `make install-tools` skips already-installed tools at the correct version
  • `make generate` runs all codegen targets end-to-end
  • `make lint`, `make manifests`, `make test` use binaries from `bin/tools/`

[datadog-official]

✅ Tests

🎉 All green!

❄️ No new flaky tests detected
🧪 All tests passed

🎯 Code Coverage (details)
• Patch Coverage: 100.00%
• Overall Coverage: 38.49% (+0.02%)

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 3db902d | Docs | Datadog PR Page | Was this helpful? React with 👍/👎 or give us feedback!}