chore(security): update docker base images and patch go dependencies

[nXtCyberNet]

Proposed changes

This PR updates Dockerfiles across the repository to use the latest patched base images (primarily UBI variants) and applies security patches/updates to Go dependencies where applicable.

• Bump base images in relevant Dockerfiles to their most recent patched/minimal versions to address known vulnerabilities in the base layers.
• Perform targeted Go dependency updates/patching (via go.mod/go.sum hygiene) to resolve security issues in dependencies.
• Scope is strictly limited to these updates — no Argo Workflows dependencies or related components are touched or updated in this PR.
• No runtime, functional, or behavioral changes are introduced.

Closes / Fixes:

• Security: Vulnerability Scan Results for litmusportal-auth-server #5313 (Security: Vulnerability Scan Results for litmusportal-auth-server)
• seclog: [HIGH] Multiple Critical Dependencies with Known Vulnerabilities Detected #5336 (seclog: [HIGH] Multiple Critical Dependencies with Known Vulnerabilities Detected)
• Critical Security Risks in Litmus via Outdated Argo Dependencies (incl. CVE-2025-32445 PrivEsc + unmaintained gnostic protobuf library) #5458 (Vulnerability: Multiple CVEs in litmuschaos/chaoscenter images)

Note: This is a focused refresh of the original intent behind #5394, but without any broader dependency alignments (e.g., no gnostic/protobuf replaces or Argo-related changes) to keep the PR minimal and avoid CI blockers from unrelated conflicts.

Types of changes

What types of changes does your code introduce to Litmus? Put an x in the boxes that apply

• New feature (non-breaking change which adds functionality)
• Bugfix (non-breaking change which fixes an issue)
• Maintenance / Security Update (Docker base images + limited Go dependency patching — no user-facing change)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation Update (if none of the other choices applies)

Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code.

• I have read the CONTRIBUTING doc
• I have signed the commit for DCO to be passed.
• Lint and unit tests pass locally with my changes
• I have added tests that prove my fix is effective or that my feature works (if appropriate) → Not applicable (security/maintenance only)
• I have added necessary documentation (if appropriate) → Not applicable

Dependency

• None (no external PRs required; changes are self-contained to Dockerfiles and Go deps patching).

Special notes for your reviewer:

• Intentional narrow scope: Only Docker base image updates + patching of existing Go dependencies (no new replaces, no Argo Workflows or protobuf-related fixes included to prevent CI panics from transitive conflicts).
• Removed clearly unnecessary/obsolete lines where identified (e.g., microdnf module enable nginx:1.20 not needed in newer UBI versions; unused python3/pip installs if confirmed removable).
• frontend dockerfile was clenuped based on the @Jonsy13 suggestions.
• While working on dependency updates, it was observed that Argo Workflows relies on github.com/google/gnostic-models instead of github.com/google/gnostic; to ensure security vulnerabilities could be properly addressed, the correct module (gnostic-models) has been added where required. please see Critical Security Risks in Litmus via Outdated Argo Dependencies (incl. CVE-2025-32445 PrivEsc + unmaintained gnostic protobuf library) #5458
  This PR directly targets the reported CVEs by updating the base images used in the chaoscenter-related Dockerfiles to their latest patched UBI versions. Once merged and images rebuilt, a fresh scan should show significant reduction or closure of the listed vulnerabilities in the chaoscenter images.

Thanks for reviewing — let's get these security updates landed!

[PriteshKiri]

Hey @nXtCyberNet

A few checks are failing. Could you please look into it?

[nXtCyberNet]

Hi @PriteshKiri ,
can you please allow the ci workflows to run
also while updating the dependencies in event-tracker, I found that the
sigs.k8s.io/controller-runtime/pkg/envtest/printer package was removed
in controller-runtime v0.16.0+.

To keep the functionality intact, I replaced RunSpecsWithDefaultAndCustomReporters
with RunSpecs using Ginkgo v2's built-in reporter.

This is required to support controller-runtime v0.15.0 and maintain
compatibility with the updated grpc v1.80.0 dependency.

[PriteshKiri]

Hey @nXtCyberNet

Could you please resolve the conflicts?

[nXtCyberNet]

Hey @nXtCyberNet

Could you please resolve the conflicts?

Done resolving the conflicts. Could you please enable the CI now?

[nXtCyberNet]

hi @PriteshKiri , could you please allow the ci to run again , thanks!

[nXtCyberNet]

hi @PriteshKiri the ci is failed due to issue #5481

[nXtCyberNet]

Any updates?

[PriteshKiri]

Hey @nXtCyberNet

Apologies for the delayed response. Your PR is under review. and it will get merged before the next release.

[uditgaurav]

Looks good. Thanks @nXtCyberNet!

[PriteshKiri]

@nXtCyberNet could you please resolve the conflicts?

[nXtCyberNet]

@nXtCyberNet could you please resolve the conflicts?

I’ve resolved the conflicts. Could you please allow the CI runs? Thanks!

[SarthakJain26]

@nXtCyberNet the build pipeline for graphql-server is failing, can you please fix this.