refactor(Dockerfile): use ghcr.io/linkerd/proxy base image

[cratelyn]

see #4333 for previous context.

this commit makes changes to the Dockerfile provided in this repository,
for use in the proxy's development process.

rather than using debian:bookworm-slim as the base image, this commit
helps deduplicate the tricky business of setting networking capabilities
on executables needed when running as an init container.

this has one negative consequence, which is that we can no longer attach
to a bash shell in a running pod when using this image. this is
unfortunate, but in my experience isn't often needed by proxy
developers.

i believe that, should we need to revisit the need for a shell in this
image, we should do instead make use of the Dockerfile-debug image
provided in the linkerd2 repo.

if we ran a command like
just docker --build-arg LINKERD2_IMAGE='ghcr.io/linkerd/debug:edge-25-11.3'
we could specify the debug image as a base image instead, providing
developers not only with a shell, but also other helpful utilities like
curl, tcpdump, and so on.

unfortunately, this does not work today, because the image appears to no
longer be published, and has drifted from our latest edge release. i
have not pulled on that string further at the time of writing.

one explicit benefit of the changes in this commit is that we bring
proxy development closer to the real world, meaning that CI in this
repository runs using the same image that the proxy will run inside of
in the linkerd2 repository and in typical clusters.

---

• build(controller)!: eliminate policy-controller image linkerd2#14348
• feat(proxy, proxy-init): Combine proxy and proxy-init and use minimal base image linkerd2#14577
• fix: proxy-init and policy-container images have been removed #4333

Signed-off-by: katelyn martin kate@buoyant.io

[zaharidichev]

Look great. Maybe for a follow-up, cant we modify the just file to resolve the latest edge version such as:

diff --git a/justfile b/justfile
index 3e049b60..ddea3341 100644
--- a/justfile
+++ b/justfile
@@ -189,8 +189,8 @@ docker *args='--output=type=docker': && _clean-cache
         --build-arg PROFILE='{{ profile }}' \
         --build-arg LINKERD2_PROXY_VENDOR='{{ LINKERD2_PROXY_VENDOR }}' \
         --build-arg LINKERD2_PROXY_VERSION='{{ LINKERD2_PROXY_VERSION }}' \
+        --build-arg LINKERD2_IMAGE='ghcr.io/linkerd/proxy:{{ if linkerd-tag == "" { _latest-edge-tag } else { linkerd-tag } }}' \
         --no-cache-filter=runtime \
-        {{ if linkerd-tag == '' { '' } else { '--build-arg=RUNTIME_IMAGE=ghcr.io/linkerd/proxy:' + linkerd-tag } }} \
         {{ if features != "" { "--build-arg PROXY_FEATURES=" + features } else { "" } }} \
         {{ if DOCKER_BUILDX_CACHE_DIR == '' { '' } else { '--cache-from=type=local,src=' + DOCKER_BUILDX_CACHE_DIR + ' --cache-to=type=local,dest=' + DOCKER_BUILDX_CACHE_DIR } }} \
         {{ args }}
@@ -242,6 +242,7 @@ action-dev-check:
 ##

 linkerd-tag := env_var_or_default('LINKERD_TAG', '')
+_latest-edge-tag := `curl -sL https://api.github.com/repos/linkerd/linkerd2/releases 2>/dev/null | jq -r '[.[] | select(.tag_name | startswith("edge-")) | .tag_name] | first' || echo "edge-25.11.3"`
 _controller-image := 'ghcr.io/linkerd/controller'
 _policy-image := 'ghcr.io/linkerd/controller'
 _init-image := 'ghcr.io/linkerd/proxy'