This repository has been archived by the owner on Mar 30, 2021. It is now read-only.

Address CVE-2019-3462 #44

Merged
merged 1 commit into from Mar 2, 2019

@emkll emkll commented Feb 26, 2019

If a user has pulled the Debian/Ubuntu image prior to 20190122, the same image will be reused in the future since we do not pin versions of the image. We should explicitly specify the image version to include the apt fix.
Unfortunately this will mean that we should update these on occasion.
To test:

  • Ensure the images specified are not vulnerable to CVE-2019-3462
  • Ensure all Docker images in all scenarios have been updated

If a user has pulled the debian/ubuntu image prior to 20190122, the same image will be reused in the future since we do not pin versions of the image. We should explicitly specify the image version to include the apt fix.
@emkll emkll requested a review from conorsch February 26, 2019 14:14
conorsch commented Mar 2, 2019

Reviewed all docker-based scenarios and confirmed apt version is sufficient for patch. The minimum patched versions, per distro, are:

| Platform | Patched apt version |
|---|---|
| Debian Stretch | 1.4.9 |
| Debian Jessie | 1.0.9.8.5 |
| Ubuntu Trusty | 1.0.1ubuntu2.19 |
| Ubuntu Xenial | 1.2.29ubuntu0.1 |

Output from each scenario:

grsecurity-build-ubuntu-trusty | SUCCESS | rc=0 >>
1.0.1ubuntu2.20

grsecurity-build-debian-jessie | SUCCESS | rc=0 >>
1.0.9.8.5

grsecurity-rebuild-securedrop-trusty | SUCCESS | rc=0 >>
1.2.29ubuntu0.1

grsec_build_jessie | SUCCESS | rc=0 >>
1.0.9.8.5

grsecurity-build-securedrop-trusty | SUCCESS | rc=0 >>
1.2.29ubuntu0.1

#grsecurity-build-unofficial-stretch | SUCCESS | rc=0 >>
1.4.9

grsecurity-build-stable3-stretch | SUCCESS | rc=0 >>
1.4.9

Those versions satisfy across the board.

@conorsch conorsch merged commit 313b551 into master Mar 2, 2019
@conorsch conorsch deleted the apt-fix-cve20193462 branch March 2, 2019 23:20