robusta-dev / kubewatch

Watch k8s events and trigger Handlers
Apache License 2.0

Dockerfile: switch to Chainguard static image #42

Closed tuananh closed 1 year ago

tuananh commented 1 year ago

I switched from minideb to Chainguard's static image (this one already has ca-certificates-bundle installed, hence I removed the RUN instruction).

minideb has lots of CVEs:


Total: 76 (UNKNOWN: 0, LOW: 58, MEDIUM: 8, HIGH: 9, CRITICAL: 1)

After switching to Chainguard's static, only 14 are left. All of them come from kubewatch's dependencies, which I can patch in another PR.


Also, the image size has been reduced from 112MB down to 33MB.

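The shape of the change described in this PR, as an added example rather than the project's actual Dockerfile: a multi-stage build that compiles a static Go binary and copies it onto Chainguard's static image, which already ships the CA bundle. The builder tag, source layout, binary name and the reconstructed minideb stage shown in comments are assumptions.

```dockerfile
# Before (reconstructed shape of a minideb-based runtime stage, an assumption,
# not the project's exact previous Dockerfile):
#   FROM bitnami/minideb:bullseye
#   RUN install_packages ca-certificates     # the RUN step this PR removes
#   COPY --from=builder /out/kubewatch /kubewatch
#   ENTRYPOINT ["/kubewatch"]

# Build stage: Go toolchain version and source layout are assumptions.
FROM golang:1.21 AS builder
WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download
COPY . .
# CGO_ENABLED=0 produces a fully static binary, so the runtime image
# needs no libc, shell or package manager at all.
RUN CGO_ENABLED=0 GOOS=linux go build -trimpath -ldflags="-s -w" -o /out/kubewatch .

# After: Chainguard's static image. It contains ca-certificates-bundle,
# tzdata and a nonroot user but no shell or package manager, so the
# "install ca-certificates" step is unnecessary and the attack surface
# a scanner reports shrinks to the Go binary's own dependencies.
FROM cgr.dev/chainguard/static:latest
COPY --from=builder /out/kubewatch /kubewatch
# Run as the image's unprivileged user (uid/gid 65532 in Chainguard images).
USER 65532:65532
ENTRYPOINT ["/kubewatch"]
```

With no shell in the runtime image, debugging has to happen in the builder stage or via an ephemeral debug container, which is the usual trade-off of distroless-style bases.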

tuananh commented 1 year ago

@arikalon1 kindly take a look :)

tuananh commented 1 year ago

@aantn @arikalon1 can we get this review?

aantn commented 1 year ago

Hey, sorry about the delay.

Would using the Google distroless images work here too?

tuananh commented 1 year ago

@aantn I suppose it would.

The two are a bit different: distroless still relies on a traditional OS like Debian, while Chainguard images are container-specific workloads.

However, for this static base image, I suppose the two are equivalent.

If you're in doubt, the Tekton and ko projects recently adopted Chainguard images as base images too.

tuananh commented 1 year ago

@aantn would you prefer to use distroless as base instead? I can update this PR accordingly.

arikalon1 commented 1 year ago

Thanks for the PR @tuananh. We're going to merge it soon, as soon as we find some time to give it a quick test.