fix(ui): trivy security issues on envtest

[Al-Pragliola]

Description

• Split Dockerfile.standalone into two Docker multi-stage targets: release (clean, no envtest) and mock (with envtest binaries for --mock-k8s-client=true)
• Updated the CI workflow to build and push only the release target, eliminating Trivy HIGH/CRITICAL CVE findings from kube-apiserver, etcd, and kubectl binaries shipped in the image
• Added docker-build-standalone-release Makefile target for building the release variant locally

How Has This Been Tested?

• Build both targets locally and verify release does not contain /envtest-bin/ while mock does
• Run trivy image against the release target and confirm no envtest-related CVEs
• Run the mock target with --mock-k8s-client=true and verify envtest control plane starts
• Verify docker build -f Dockerfile.standalone . (no --target) still defaults to mock stage for backward compatibility with docker-compose workflows

Merge criteria:

• All the commits have been signed-off (To pass the DCO check)

• The commits have meaningful messages
• Automated tests are provided as part of the PR for major new functionalities; testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
• The developer has manually tested the changes and verified that the changes work.
• Code changes follow the kubeflow contribution guidelines.
• For first time contributors: Please reach out to the Reviewers to ensure all tests are being run, ensuring the label ok-to-test has been added to the PR.

If you have UI changes

• The developer has added tests or explained why testing cannot be added.
• Included any necessary screenshots or gifs if it was a UI change.
• Verify that UI/UX changes conform the UX guidelines for Kubeflow.

[Al-Pragliola]

Cc @ederign

[ederign]

@Al-Pragliola check #2241 . Can you guys sync?

[crackcodecamp]

@Al-Pragliola I have patched go version in this PR #2241 let me know if you would like to add anything from this PR to there?

[Al-Pragliola]

@crackcodecamp @ederign @pboyd rebased

[manaswinidas]

/lgtm
/approve

[google-oss-prow]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: manaswinidas
Once this PR has been reviewed and has the lgtm label, please ask for approval from al-pragliola. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment