redpanda-data / kminion

KMinion is a feature-rich Prometheus exporter for Apache Kafka written in Go. It is lightweight and highly configurable so that it will meet your requirements.
MIT License

build: use the same alpine OS version in Dockerfile, update pkgs #211

Closed sbocinec closed 1 year ago

sbocinec commented 1 year ago

The security audit for kminion used in the Redpanda cloud offering currently reports that the existing kminion package (2.2.4 & 2.2.3) is affected by CVE-2023-2650. The following OS packages are affected:

The issue can be mitigated by re-building the image while executing apk upgrade during the build:

```
$ docker run -it --rm alpine:3.17
/ # apk list
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.17/main: No such file or directory
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.17/community: No such file or directory
musl-1.2.3-r4 x86_64 {musl} (MIT) [installed]
zlib-1.2.13-r0 x86_64 {zlib} (Zlib) [installed]
apk-tools-2.12.10-r1 x86_64 {apk-tools} (GPL-2.0-only) [installed]
busybox-binsh-1.35.0-r29 x86_64 {busybox} (GPL-2.0-only) [installed]
musl-utils-1.2.3-r4 x86_64 {musl} (MIT AND BSD-2-Clause AND GPL-2.0-or-later) [installed]
alpine-baselayout-3.4.0-r0 x86_64 {alpine-baselayout} (GPL-2.0-only) [installed]
alpine-keys-2.4-r1 x86_64 {alpine-keys} (MIT) [installed]
libcrypto3-3.0.8-r3 x86_64 {openssl} (Apache-2.0) [installed]
busybox-1.35.0-r29 x86_64 {busybox} (GPL-2.0-only) [installed]
scanelf-1.3.5-r1 x86_64 {pax-utils} (GPL-2.0-only) [installed]
ca-certificates-bundle-20220614-r4 x86_64 {ca-certificates} (MPL-2.0 AND MIT) [installed]
libc-utils-0.7.2-r3 x86_64 {libc-dev} (BSD-2-Clause AND BSD-3-Clause) [installed]
ssl_client-1.35.0-r29 x86_64 {busybox} (GPL-2.0-only) [installed]
alpine-baselayout-data-3.4.0-r0 x86_64 {alpine-baselayout} (GPL-2.0-only) [installed]
libssl3-3.0.8-r3 x86_64 {openssl} (Apache-2.0) [installed]
/ # apk upgrade --no-cache
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
(1/5) Upgrading musl (1.2.3-r4 -> 1.2.3-r5)
(2/5) Upgrading ca-certificates-bundle (20220614-r4 -> 20230506-r0)
(3/5) Upgrading libcrypto3 (3.0.8-r3 -> 3.0.9-r1)
(4/5) Upgrading libssl3 (3.0.8-r3 -> 3.0.9-r1)
(5/5) Upgrading musl-utils (1.2.3-r4 -> 1.2.3-r5)
Executing busybox-1.35.0-r29.trigger
OK: 7 MiB in 15 packages
```

This PR addresses this security vulnerability by adding the `apk upgrade --no-cache` command to the kminion runtime image Dockerfile.

Additionally, I noticed the alpine OS image version differs b/w the builder and the runtime image:

It is not a big deal, but as we copy ca-certificates b/w the images, it's better if these images are in sync, so I added a small change to synchronize the alpine OS version and make it explicit.
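As an added illustration of the two changes described in this PR (it is not the kminion project's actual Dockerfile, and the Go version, working directory, binary path and `ca-certificates.crt` location are assumptions), the multi-stage Dockerfile below pins both stages to one `ALPINE_VERSION` build argument and runs `apk upgrade --no-cache` in the runtime stage. With drifting tags such as `golang:1.20-alpine3.16` for the builder and `alpine:3.17` for the runtime, the CA bundle copied between stages would come from a different Alpine release than the runtime's own packages; a single argument removes that mismatch and makes the base release explicit.

```dockerfile
# Declared before the first FROM so that every stage resolves the same value;
# the builder and the runtime image can no longer drift to different Alpine releases.
# (Values are assumptions for this example, not kminion's pinned versions.)
ARG ALPINE_VERSION=3.17
ARG GO_VERSION=1.20

# --- builder stage: same Alpine release as the runtime image ---
FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS builder
WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download
COPY . .
# Static binary so the runtime stage needs nothing beyond the base image.
RUN CGO_ENABLED=0 go build -o /out/kminion .

# --- runtime stage ---
FROM alpine:${ALPINE_VERSION}
# Apply the Alpine security updates at build time: this is what moved
# libcrypto3/libssl3 from 3.0.8-r3 to 3.0.9-r1 in the session above.
# --no-cache fetches a fresh APKINDEX and leaves no package cache in the layer.
RUN apk upgrade --no-cache
# Because both stages run the same Alpine release, the bundle copied from the
# builder matches what the runtime's own ca-certificates-bundle package ships.
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=builder /out/kminion /app/kminion
USER nobody
ENTRYPOINT ["/app/kminion"]
```

Two caveats follow from this approach. `apk upgrade` only picks up fixes that exist at build time, so the image has to be rebuilt (and rescanned) when new Alpine advisories land; it does not keep itself current. It also makes the build non-reproducible across time, since the resolved package versions depend on the index at that moment; if byte-for-byte reproducibility matters more than automatic fixes, pin the affected packages (here `libcrypto3` and `libssl3`) to an explicit fixed version with `apk add --no-cache libcrypto3=<version>` instead.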