feat: introduce distro detection model for container rootfs

[PrasanthYT]

Overview

This change introduces Linux distribution detection for container images by inspecting the reconstructed root filesystem.

The detection result is used to determine which package manager and vulnerability data sources should be used during container scanning.

Supported Detection Sources

Distribution detection inspects common OS metadata files inside the container filesystem.

Primary source:

/etc/os-release

Fallback sources:

/etc/alpine-release
/etc/debian_version

Supported Distributions

The container engine now classifies images into the following categories:

enum Distro {
    Alpine,
    Debian,
    Ubuntu,
    RHEL,
    Distroless,
    Unknown,
}

Distroless Detection

If standard OS metadata files are missing, the image is classified as Distroless.

This is common for minimal runtime containers.

Integration

Distribution detection occurs after the root filesystem reconstruction step.

Pipeline:

ContainerEngine
  → Image acquisition
  → RootFS builder
  → Distro detection

The detected distribution will guide package extraction in upcoming container scanning steps.

Behavior

• No impact on SCA scanning
• No behavioral regression
• Unknown distributions handled safely
• Scan continues even if detection fails

Impact

This step prepares the container engine for accurate OS package detection and vulnerability analysis based on the container’s underlying distribution.