feat: use distroless container image (#134)

Switched to the distroless container image to increase security.

Author: sudomateo

Containerfile

@@ -1,16 +1,12 @@
-FROM docker.io/golang:1.25.0 AS builder
+ARG GO_VERSION=1.25.3
+FROM docker.io/golang:${GO_VERSION} AS builder
 
 WORKDIR /app
 COPY . .
 
 RUN CGO_ENABLED=0 go build .
 
-FROM docker.io/debian:bookworm
-
-RUN apt-get update && \
-    apt-get install -y --no-install-recommends ca-certificates curl && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
+FROM gcr.io/distroless/static-debian12:nonroot
 
 COPY --from=builder /app/oxide-cloud-controller-manager /usr/bin/oxide-cloud-controller-manager