cni: change base runtime image from scratch to alpine (#238)

PR #237 changed the base runtime image for the CNI init container from
`debian:bullseye-slim` to `scratch`, in the hopes of reducing the
dependency footprint of that image. Unfortunately, it turns out that
this breaks the CNI init container, since it must execute shell scripts
and therefore requires a shell (specifically, `bash`), which does not
exist in the `scratch` image. This was not detected by CI in this repo
on PR #237, because it turns out that the CI jobs don't actually try to
run the CNI init container. Instead, we didn't discover that this breaks
stuff until the change was fully integrated in linkerd/linkerd2#10855.

This commit changes the base runtime image again, to `alpine:3.17.3`,
similarly to the proxy-init dockerfile. We now install the necessary
dependencies using `apk add` in the alpine layer. We also install `bash`,
because Alpine doesn't ship with `bash` by default. This way, we should
have a shell, and be able to run the install script again.

Dockerfile-cni-plugin

@@ -17,25 +17,19 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH GO111MODULE=on \
     go build -o /go/bin/linkerd-cni -mod=readonly -ldflags "-s -w" -v ./cni-plugin/
 
 ##
-## Runtime dependencies
+## Runtime
 ##
 
-FROM debian:bullseye-slim as deps
+FROM --platform=$TARGETPLATFORM alpine:3.17.3 as runtime
 WORKDIR /linkerd
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN apk add \
+    # For inotifywait
     inotify-tools \
+    # For pgrep
     procps \
-    jq && \
-    rm -rf /var/lib/apt/lists/*
-
-##
-## Runtime
-##
+    bash \
+    jq
 
-FROM scratch as runtime
-COPY --from=deps /usr/bin/inotifywait /usr/bin/inotifywait
-COPY --from=deps /usr/bin/pgrep /usr/bin/pgrep
-COPY --from=deps /usr/bin/jq /usr/bin/jq
 COPY --from=go /go/bin/linkerd-cni /opt/cni/bin/
 COPY LICENSE .
 COPY cni-plugin/deployment/scripts/install-cni.sh .