Build distroless debug image variants

[jzelinskie]

We currently build SpiceDB container images based on distroless which ships an extremely minimal environment (it doesn't even include a shell). This makes debugging quite difficult if you aren't using a platform with debugging built-in (e.g. Kubernetes has kubectl debug).

Users today could write their own Dockerfiles that copy the SpiceDB binary from our image into a new base image (e.g. Alpine or Debian) to work around this, but it'd require that build their own images.

We could offer variants of our images using the distroless debug base so that debugging is as simple as changing their image name to authzed/spicedb:$VERSION-debug.

[dlorenc]

cc @jdolitsky @imjasonh

[imjasonh]

Adding a debug variant for static that includes busybox would be pretty straightforward. So much so that it already exists at distroless.dev/busybox 😄

It should be pretty easy to swap out the base image with a --build-arg and tag a new authzed/spicedb:$VERSION-debug based on distroless.dev/busybox. Let me know if that sounds good, and I can start sending PRs.

[jzelinskie]

That sounds good to me. Just make sure you check out the goreleaser configuration first -- it uses the Dockerfile.release environment to copy built binaries into. I'm not sure if there's a better way to do this, but in the ideal case we'd have only a single Dockerfile.