[Go SDK] Use distroless:debian12 (no-ssl) as base image.

[lostluck]

Move Go SDK image to use distroless as the base image, instead of the docker debian image.

Technically, the same version of debian, but with everything but glibc stripped out of it.

Go binaries (Go SDK binaries in particular) don't need external deps or most other parts of the OS toolchains, so this reduces the vulnerabilities to largely intractable to fix glibc issues.

We could remove glibc as by default the SDK doesn't need to compile with C-go enabled (the only reason to link in glibc for go running binaries) but it is handy for users who would depend on it.

distroless has the ca-certificates pre-installed, and as long as we build against latest, it remains relatively up to date. It's not clear to me why we chose to remove the licenses except when configured, but it's harder to remove things conditionally when the shell tools and bash aren't present.

---

Thank you for your contribution! Follow this checklist to help us incorporate your contribution quickly and easily:

• Mention the appropriate issue in your description (for example: addresses #123), if applicable. This will automatically add a link to the pull request in the issue. If you would like the issue to automatically close on merging the pull request, comment fixes #<ISSUE NUMBER> instead.
• Update CHANGES.md with noteworthy changes.
• If this contribution is large, please file an Apache Individual Contributor License Agreement.

See the Contributor Guide for more tips on how to make review process smoother.

To check the build health, please visit https://github.com/apache/beam/blob/master/.test-infra/BUILD_STATUS.md

GitHub Actions Tests Status (on master branch)

See CI.md for more information about GitHub Actions CI or the workflows README to see a list of phrases to trigger workflows.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (4f3963f) 38.45% compared to head (ac8e7d8) 38.45%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #30011      +/-   ##
==========================================
- Coverage   38.45%   38.45%   -0.01%     
==========================================
  Files         697      697              
  Lines      102216   102216              
==========================================
- Hits        39306    39304       -2     
+ Misses      61284    61282       -2     
- Partials     1626     1630       +4     

Flag	Coverage Δ
go	54.22% <ø> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

Assigning reviewers. If you would like to opt out of this review, comment assign to next reviewer:

R: @riteshghorse for label go.

Available commands:

• stop reviewer notifications - opt out of the automated review tooling
• remind me after tests pass - tag the comment author after tests pass
• waiting on author - shift the attention set back to the author (any comment or push by the author will return the attention set to the reviewers)

The PR bot will only process comments in the main thread (not review comments).

[riteshghorse]

LGTM, thanks!