Policy: associate policy error with the build step progress item

[tonistiigi]

Currently, the policy error just shows up at the end of the build, and none of the build steps are marked as failing. This can be confusing and also hides the last logs for policy evaluation (or makes them appear in the middle of plain progress).

Not really how to implement this yet, as policy evaluation failing doesn't necessarily mean build will fail as well, and build error itself comes from a different codepath than the policy evaluation.