Switch to supported Java base image and re-order image layers

[chgl]

As per https://hub.docker.com/_/openjdk, the OpenJDK image is deprecated:

This image is officially deprecated and all users are recommended to find and use suitable replacements ASAP.

I've switched to the temurin image in this PR, but any of them should be fine so I'd be OK if another choice is more appropriate.

Per trivy image, this reduces the known CVEs in the base image from 730 to 31:

obiba/opal:snapshot (debian 11.7)

Total: 730 (UNKNOWN: 7, LOW: 468, MEDIUM: 120, HIGH: 124, CRITICAL: 11)

ghcr.io/chgl/docker-opal:test (ubuntu 22.04)

Total: 31 (UNKNOWN: 0, LOW: 19, MEDIUM: 12, HIGH: 0, CRITICAL: 0)

Further, slightly changing the order of the apt-get and deleting the apt cache reduces the compressed image size from 508 down to 337 M:

$ crane manifest obiba/opal:snapshot | jq '.config.size + ([.layers[].size] | add)' | numfmt --to=iec
508M

$ crane manifest ghcr.io/chgl/docker-opal:test | jq '.config.size + ([.layers[].size] | add)' | numfmt --to=iec
337M

The updated image should be functionally equivalent, however anyone depending on something that is present in the deprecated OpenJDK image that is not present in the eclipse-temurin one may experience breaking changes. I'd expect this not to be too big of an issue and resolvable by apt-get install'ing anything that is missing.

[ymarcon]

Excellent, thanks. FYI the master branch is for building the snapshot image, from the source code of opal. The Dockerfile for building the latest image is currently in the branch 4.6.x.

[chgl]

ah well, I'll re-create the branch from 4.6.x rebasing seems too much of a hassle. One sec...