Remove unnecessary dependencies from our images #627

Closed
Tracked by #345
dervoeti opened this issue Apr 25, 2024 · 2 comments
Comments

@dervoeti
Member

To reduce the potential attack surface and thus the number of vulnerabilities in our images, we should try to remove all unnecessary dependencies.

The basic idea is to look for dependencies that are not really needed at runtime and remove them.
Some vague examples:

  • Unneeded JAR files
  • System packages (maybe set install_weak_deps=0 option for microdnf?)
  • Packages that are needed for features that are never enabled in our platform

A good place to start might be to browse through critical vulnerabilities in SecObserve, inspect the components that are affected by them and verify if they are really needed. Or to think about general options / techniques to clean up our images.

@lfrancke
Member

lfrancke commented Apr 26, 2024

We already do set the settings to not install weak dependencies. This is in the base image.

Edit: Not sure if we do the same for operators.

@dervoeti
Member Author

Closing this as this was part of the vulnerability hackathon (my main concerns were addressed in #665 and stackabletech/operator-templating#361). We'll remove further unnecessary dependencies if we find some during vulnerability analysis, I don't think we need a general issue for this anymore.
