docker: switch to multistage build

[mccutchen]

This results in a minimal final image without the full golang runtime, addressing #20.

RFR @loganmeetsworld @shrayolacrayon
cc @danbf

[loganmeetsworld]

Thought we'd already removed this!

[loganmeetsworld]

Looks good @mccutchen!

[mccutchen]

Size difference, for posterity:

$ docker image list | grep sso
sso                             master              57eb2a5f0f46        About a minute ago       1.13GB
sso                             alpine              cc20033f631e        10 minutes ago           26.3MB

Went from 1.13GB to 26.3MB!

[mccutchen]

Check latest commit, we need to add the ca-certificates package to the final image. Without it, we get an error trying to talk to Google:

{"error":"Post https://www.googleapis.com/oauth2/v3/token: x509: failed to load system roots and no roots provided","level":"error","msg":"error redeeming authentication code","remote_address":"172.20.0.1","service":"sso-auth","time":"2018-08-23 00:57:22.82312"}

[mccutchen]

Another update: Apparently something about the alpine image prevents the pure Go DNS resolver from properly reading /etc/hosts, which breaks the quick start:
https://groups.google.com/d/msg/golang-nuts/G-faJ0bthz0/Lx-MsDIOCAAJ

Now we've updated to debian:stable-slim instead of alpine:3.8 for the base image, bringing our final image size up to 83MB:

sso                             debian              888f18f0bcc5        39 seconds ago      83.5MB

[danbf]

wow, great size savings!

[loganmeetsworld]

Just one request: Can we squash the commits or rephrase the last two commits to give a little more context?

[mccutchen]

Yep! Just wanted to makes sure y’all had a chance to see the individual fixes before I squashed them away!

[mccutchen]

@loganmeetsworld squashed!