In 8e9d4424 (Makefile: Build Git with non-collision-detecting SHA1,
2025-01-21), we have started to build Git with non-collision detecting
SHA1 as additional backend to speed up the generation of packfiles. This
change was only done for Git v2.48.0 though, mostly because Git v2.47.0
still had two segfaults when wiring up the build option.

Unfortunately, we have observed that builds got unstable due to this
change. One such issue was fixed via ea6e25fe (Makefile: fix default
ref format propagating into build prereqs, 2025-01-30), but the "verify"
job is still failing.

As it turns out, the root cause can easily be reproduced locally: when
switching between the "build" and "lint" Makefile targets, then we'll
always rebuild the bundled Git v2.48.0 version. With the "build" target
we'll end up building it with `OPENSSL_SHA1_UNSAFE=YesPlease`, whereas
with the "lint" target we build without that option.

This is because the new option was added to "build-bundled-git-v2.48",
but the "lint" target doesn't depent on it. Instead, it depends on the
`GIT_PACKED_EXECUTABLES` variable, which directly depends on the Git
binaries we want to pack into Gitaly. Consequently, the build option
that was defined in the "build-bundled-git-v2.48" target does not apply
when building the executables, and thus we end up rebuilding them.

Fix the issue by instead moving the `GIT_BUILD_OPTIONS` override to the
lower-level build target.