Use distroless for a more secure and minimal Python Docker image #1948

Open
@trottomv

Currently, the Dockerfile used for djangoproject.com is based on the official python:3.12-slim-bookworm, which is built on Debian 12 (Bookworm). While this is a common practice, a more modern and widely adopted approach is to use a Distroless base image (Google Distroless).

Why Distroless?

  • Security: Distroless minimizes the attack surface by removing unnecessary tools and packages, reducing the risk of vulnerabilities.
  • Smaller Image Size: Distroless images are more lightweight, leading to faster builds and deployments.

Proposed Changes

  • Update the Dockerfile to use gcr.io/distroless/python3 (or another appropriate Distroless variant).
  • Ensure compatibility with existing dependencies and verify that the application runs as expected.
  • Test the new image for any unexpected behavior.

Expected Benefits

  • Improved security by eliminating unnecessary system utilities.
  • Reduced image size, leading to faster deployments and lower storage costs.
  • A more production-ready and hardened container environment.
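A multi-stage build of the kind the proposal implies, as an added example that is not part of the original issue and is not the djangoproject.com Dockerfile. It assumes a `requirements.txt` at the repository root that includes gunicorn, and a hypothetical WSGI module `example_project.wsgi`.

```dockerfile
# Added example; requirements.txt, gunicorn and example_project are assumed names.

# Build stage: full Debian 12 userland with a shell, pip and a compiler.
FROM debian:12-slim AS build
RUN apt-get update \
    && apt-get install --no-install-suggests --no-install-recommends --yes \
       python3-venv gcc libpython3-dev \
    && rm -rf /var/lib/apt/lists/* \
    && python3 -m venv /venv

# Install dependencies with Debian 12's own interpreter (Python 3.11), the
# same one the distroless runtime image ships, so compiled wheels match.
# Packages built in the current python:3.12 base image would not match.
COPY requirements.txt /tmp/requirements.txt
RUN /venv/bin/pip install --no-cache-dir --disable-pip-version-check \
    -r /tmp/requirements.txt

# Runtime stage: no shell, no package manager, runs as the "nonroot" user.
FROM gcr.io/distroless/python3-debian12:nonroot
COPY --from=build /venv /venv
COPY . /app
WORKDIR /app

# No shell exists here, so only exec-form instructions work, and any step
# that needs RUN (for example collectstatic) has to happen in the build stage.
# The app directory is owned by root, so skip writing .pyc files into it.
ENV PYTHONDONTWRITEBYTECODE=1 PYTHONUNBUFFERED=1
EXPOSE 8000
ENTRYPOINT ["/venv/bin/python3", "-m", "gunicorn", "--bind", "0.0.0.0:8000", "example_project.wsgi:application"]
```

The interpreter change from 3.12 to 3.11 and the absence of a shell for entrypoint scripts or `docker exec` debugging are the two items to check under "Ensure compatibility with existing dependencies".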
