
Enhancement/crs update hardening #38

Open
Divyateja2709 wants to merge 11 commits into OWASP:master from Divyateja2709:enhancement/crs-update-hardening

Conversation

@Divyateja2709

Hi @adrianwinckles,

I'm working on making our Docker-based ModSecurity WAF honeypot capable of updating itself without compromising the integrity of the container or creating a supply chain vulnerability, with the ability to perform the updates in an unattended fashion.
Specifically, I've updated three things:

  • crs_update.sh: We have added a hardened mechanism for updating the CRS, which: only runs when explicitly invoked; can verify the downloaded CRS (optional SHA-256 sum verification); validates the expected format of the extracted CRS; handles concurrency races during the update; atomically replaces the rules with fallback support; and outputs a small status JSON in order to trace update results in the container runtime.
  • modsec_entry.sh: I've made our startup procedure more robust by turning CRS updates into a "best effort" operation (so that the container can still start up using the bundled CRS when updates fail), and supervised Apache, log preprocessing and Filebeat with proper signal handling for clean shutdown, so the container will respond predictably within a Docker environment.
  • Dockerfile: I've aligned the installed dependencies to include the necessary tooling for the updater (download, extract, hash), kept environment defaults unchanged, optionally pinned/verified the downloaded Filebeat package at build time to remove the possibility of tampering or the need to worry about broken upstream mirror locations, and consolidated build steps where possible to lower the layer count and clean up the image.
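
The update pipeline the description outlines for crs_update.sh (lock against concurrent runs, optional SHA-256 check, extract to a staging directory, validate the layout, swap the rules in with a fallback, write a status JSON) as an added shell example. This is not the PR's crs_update.sh and not code from the OWASP project; it takes an archive that has already been downloaded so it runs offline, and the lock path, the layout checks (a rules/ directory with at least one .conf plus crs-setup.conf.example), the status JSON fields and the constructed sample archive are all assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the PR's crs_update.sh. Demonstrates the hardening steps the
# PR description lists; the download step is left out so the script runs offline.
set -eu

# Concurrency guard: mkdir is atomic, so two updaters racing cannot both win.
crs_lock() {
  mkdir "$1" 2>/dev/null || return 1
  printf '%s\n' "$$" > "$1/pid"
}
crs_unlock() { rm -rf "$1"; }

# Optional SHA-256 verification: an empty expected digest skips the check,
# matching the "optional" behaviour described in the PR.
crs_verify_sha256() {
  archive="$1"; expected="$2"
  [ -f "$archive" ] || return 1
  [ -z "$expected" ] && return 0
  actual=$(sha256sum "$archive" | awk '{print $1}')
  [ "$actual" = "$expected" ]
}

# Assumed CRS layout check: rules/ with at least one .conf and the setup example.
crs_validate_tree() {
  [ -d "$1/rules" ] || return 1
  [ -f "$1/crs-setup.conf.example" ] || return 1
  ls "$1/rules"/*.conf >/dev/null 2>&1
}

# verify -> stage -> validate -> swap (old copy restored on failure) -> status JSON.
# Staging lives next to $dest so the final mv is a rename, not a copy.
crs_install_archive() {
  archive="$1"; expected="$2"; dest="$3"; status_file="$4"
  result="failed"; reason=""
  stage=$(mktemp -d "$(dirname "$dest")/.crs-stage.XXXXXX")
  if ! crs_verify_sha256 "$archive" "$expected"; then
    reason="sha256_mismatch"
  elif ! tar -xzf "$archive" -C "$stage" 2>/dev/null; then
    reason="extract_failed"
  else
    # Release tarballs usually wrap everything in one top-level directory.
    root=$(find "$stage" -mindepth 1 -maxdepth 1 -type d | head -n 1)
    [ -n "$root" ] || root="$stage"
    if ! crs_validate_tree "$root"; then
      reason="invalid_layout"
    else
      backup="$dest.prev.$$"
      if [ -d "$dest" ]; then mv "$dest" "$backup"; fi
      if mv "$root" "$dest"; then
        rm -rf "$backup"; result="ok"
      else
        if [ -d "$backup" ]; then mv "$backup" "$dest"; fi
        reason="swap_failed"
      fi
    fi
  fi
  rm -rf "$stage"
  printf '{"result":"%s","reason":"%s","archive":"%s","timestamp":"%s"}\n' \
    "$result" "$reason" "$(basename "$archive")" \
    "$(date -u +%Y-%m-%dT%H:%M:%SZ)" > "$status_file"
  [ "$result" = "ok" ]
}

# Constructed sample archive for the demo (not a real CRS release).
# valid=yes builds the expected layout, anything else builds a bogus one.
crs_make_sample_archive() {
  out="$1"; valid="$2"; d=$(mktemp -d)
  mkdir -p "$d/coreruleset-x/rules"
  if [ "$valid" = "yes" ]; then
    printf '# constructed sample rule file\n' > "$d/coreruleset-x/rules/REQUEST-SAMPLE.conf"
    : > "$d/coreruleset-x/crs-setup.conf.example"
  else
    : > "$d/coreruleset-x/README.md"
  fi
  tar -czf "$out" -C "$d" coreruleset-x
  rm -rf "$d"
}

# Walks the whole flow: good archive installs, tampered hash is rejected and
# the previously installed rules survive. Returns 0 on success.
crs_demo() {
  work=$(mktemp -d)
  rules="$work/owasp-crs"; status="$work/crs_update_status.json"
  crs_lock "$work/crs.lock" || return 2
  crs_make_sample_archive "$work/good.tgz" yes
  sum=$(sha256sum "$work/good.tgz" | awk '{print $1}')
  crs_install_archive "$work/good.tgz" "$sum" "$rules" "$status" || return 1
  bad="0000000000000000000000000000000000000000000000000000000000000000"
  crs_install_archive "$work/good.tgz" "$bad" "$rules" "$status" && return 1
  grep -q '"reason":"sha256_mismatch"' "$status" || return 1
  [ -f "$rules/crs-setup.conf.example" ] || return 1
  crs_unlock "$work/crs.lock"
  cat "$status"
  rm -rf "$work"
}

crs_demo
```

The two renames in the swap leave a short window with no rules directory; a production updater would install into a versioned directory and flip a symlink with a single rename so that the window disappears, and would hold the lock across the download as well.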
