Reduce the docker image size using FROM scratch

[LucaDario]

Summary

This PR optimizes the containerization strategy by switching the final Docker image stage to FROM scratch, significantly reducing image size and attack surface while preserving runtime behavior.

Type of Change

• feat: A new feature
• fix: A bug fix
• docs: Documentation only changes
• style: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
• refactor: A code change that neither fixes a bug nor adds a feature
• perf: A code change that improves performance
• test: Adding missing tests or correcting existing tests
• build: Changes that affect the build system or external dependencies
• ci: Changes to our CI configuration files and scripts
• chore: Other changes that don't modify src or test files
• revert: Reverts a previous commit

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

This PR updates the runtime container image to a minimal scratch base to reduce image size and remove unused OS packages.

Changes:

• Switch runtime stage from debian:bookworm-slim to scratch.
• Remove apt-get installs for certificates/tools/runtimes and instead copy the CA bundle from the builder stage.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.