Hardening

[jduepmeier]

This PR does a little bit of harding for the image.

1. It updates the base image from 11.0.10 to 11.0.13
2. It uses a multi-stage build to remove files not needed in final image (like wget and apt cache files)
3. It creates the cerebro user as system user without home
4. cerebro does not need to own all cerebro files. It is more secure if the cerebro process cannot override its own config files.

[gillg]

Little conflict with https://github.com/lmenezes/cerebro-docker/pull/15 where the latest jre-11 is always used. But I like your optimization !

[moliware]

Thanks for the contribution