Feature: base docker image on distroless debian13, nonroot

[scop]

Shaves off 14MB (a third) of the image size, gets rid of unnecessary distro features.

There doesn't appear to be a reason to run the daemon as root in the container either, so go with the nonroot variant.

https://github.com/GoogleContainerTools/distroless#why-should-i-use-distroless-images

The static-debian13 image does contain tzdata -- I'm assuming that's needed as it was explicitly installed before. (In absence of shell, image contents can be examined for example with https://github.com/wagoodman/dive)

Caveat: very lightly tested.

[axllent]

Thanks @scop - however you have already submitted a PR exactly like this recently (#652) which I accepted and then had to revert.

1. i386 arch is not supported in these images
2. I would need to use the root-flavoured version due to backwards-compatibility as many existing setups which previously ran as root would suddenly have insufficient permissions to access existing data (so break) or mounted filesystems.

Unfortunately there is no way for me to gauge the use of i386 in Docker (Docker does not distinguish the the number of pull requests). I can see how many binary downloads there are however for i386 (37 vs 10,300 Linux amd64 for the previous release, so a fraction).

So I'm conflicted.

[scop]

Oops, sorry about that, just going through some deps I have that have not yet converted, forgot about having tried this one already. I guess nothing has changed since, so closing -- feel free to reopen and merge if things change.

[axllent]

That's all good :)