Fix signature mismatches when steps have plugins

[DrJosh9000]

The first part of this PR enables CommandStep to be unmarshaled directly from JSON consistently. This is mainly needed because Plugin wasn't set up to be unmarshaled from JSON, but reusing the YAML -> ordered path keeps it consistent.

The second part of this PR changes how Plugin is marshaled back to JSON. FullSource applies similar normalisations that the backend should be applying to plugin sources, and comes with the ~same suite of tests.

Source normalisation of plugins is better suited to the marshaling phase than the parsing/unmarshaling phase, because:

• interpolation applies to plugin sources and configs, so putting it in the parsing phase would require reworking interpolation
• if/when pipeline is spun out into its own library, users would be writing Plugin literals with all the accepted kinds of Source, so normalisation would generally happen later.

There's also a couple of log output fumbles (%w is only supported in fmt.Errorf, not logger) and a fix to make it easier to hold ordered.Unmarshal when you have yaml.Node.

[triarius]

Nice, falling back to not altering the source is a good strategy.

[triarius]

I wonder if there's a way that we can carry across that FullSource had to fall back to being identical on a particular input. Then, when it comes time to sign the plugin, we can feed a warning to the job logs. It's perhaps not necessary right now, but I would want such a thing before we announce this is released.

[DrJosh9000]

I think it's a bit tricky. Some inputs have to fall back because neither the pipeline-uploading agent nor the backend know what local or vendored plugins will be present. And some inputs must fall back because there needs to be a way to override the assumption that the plugin is in GitHub (and usually in buildkite-plugins). Failing to parse as a URL / URI could be a mistake, but I have the suspicion that some edge case will fall into it.

[triarius]

🤞 that there is no inconsistency with this and ruby's URI.parse