Harden dockerfile update base images#88

Open
Anthony-Ucci wants to merge 4 commits into cloudlena:main from Anthony-Ucci:harden-dockerfile-update-base-images

Conversation

@Anthony-Ucci


Summary

This PR updates the Dockerfile to reduce security findings reported by Trivy on the container image.

The previous Dockerfile used floating base image tags:

  • golang:1
  • alpine:latest

A Trivy scan on the built image reported HIGH severity vulnerabilities in:

  • Alpine OpenSSL packages: libcrypto3 / libssl3
  • Go standard library used by the compiled binary

This PR pins the builder and runtime base images, upgrades Alpine packages during the final image build, and keeps the application running as a non-root user.

Changes

  • Pin the Go builder image instead of using golang:1
  • Pin the Alpine runtime image instead of using alpine:latest
  • Run Alpine package upgrades during the runtime image build
  • Keep the existing non-root user setup
  • Keep the existing dumb-init entrypoint behavior

Validation

After rebuilding the image with the updated Dockerfile, the following Trivy command reports zero HIGH/CRITICAL vulnerabilities:

trivy image --scanners vuln,secret --severity HIGH,CRITICAL s3manager-secure:local

Result:

alpine   : 0 vulnerabilities
gobinary : 0 vulnerabilities

This does not guarantee that the image is fully secure, but it removes the currently detected HIGH/CRITICAL findings reported by Trivy for the rebuilt image.
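As a complementary CI check for the change described above, the following POSIX shell script (an added example, not code from this PR or the s3manager project) flags FROM references that are not pinned by an immutable digest, which is exactly how the floating golang:1 and alpine:latest tags would have been caught; the sample Dockerfile and its digest are constructed placeholders.

```shell
#!/bin/sh
# Added example (not the PR's or project's own code): flag floating base-image
# references in a Dockerfile. Only an immutable @sha256 digest counts as pinned;
# ":latest", a missing tag, or a partial version tag such as "golang:1" all
# resolve to different images over time and silently reintroduce old CVEs.

# Constructed sample Dockerfile (hypothetical; the digest is a placeholder).
SAMPLE_DOCKERFILE='FROM golang:1 AS builder
WORKDIR /src
COPY . .
RUN CGO_ENABLED=0 go build -o /out/app .
FROM --platform=linux/amd64 alpine:latest
RUN apk upgrade --no-cache
FROM alpine:3.20.3@sha256:0000000000000000000000000000000000000000000000000000000000000000 AS runtime
COPY --from=builder /out/app /app
USER nobody
ENTRYPOINT ["/app"]'

# classify_ref REF: print "pinned" (status 0) or why the reference floats (status 1)
classify_ref() {
  case "$1" in
    *@sha256:*) echo pinned; return 0 ;;
  esac
  name_tag=${1##*/}                    # drop registry/namespace, keep image[:tag]
  case "$name_tag" in
    *:*) tag=${name_tag##*:} ;;
    *)   echo "no tag (implicit latest)"; return 1 ;;
  esac
  case "$tag" in
    latest) echo "latest tag"; return 1 ;;
    *.*.*)  echo "full version tag but no digest"; return 1 ;;
    *)      echo "partial version tag $tag"; return 1 ;;
  esac
}

# floating_refs: read a Dockerfile on stdin, print "ref: reason" per floating FROM
floating_refs() {
  set -f                               # no glob expansion while word-splitting lines
  while IFS= read -r line; do
    case "$line" in FROM\ *|from\ *) ;; *) continue ;; esac
    set -- $line; shift                # FROM [--platform=...] REF [AS name]
    while [ "${1#--}" != "$1" ]; do shift; done
    reason=$(classify_ref "$1") || echo "$1: $reason"
  done
  set +f
  return 0
}

# check_dockerfile FILE: non-zero exit for CI when any floating reference is present
check_dockerfile() {
  found=$(floating_refs < "$1")
  [ -z "$found" ] && return 0
  printf '%s\n' "$found"
  return 1
}

printf '%s\n' "$SAMPLE_DOCKERFILE" | floating_refs
```

Run `check_dockerfile Dockerfile` in the build pipeline so a reintroduced floating tag fails the build before Trivy ever scans the image.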
