Use distroless base image for tempo

This image contains busybox, making debugging easier by running /busybox/sh

cmd/tempo/Dockerfile

@@ -1,13 +1,15 @@
-FROM alpine:3.21 AS certs
-RUN apk --update add ca-certificates
-ARG TARGETARCH
-COPY bin/linux/tempo-${TARGETARCH} /tempo
+FROM gcr.io/distroless/static-debian12:debug AS builder
+
+# we need this because some docker-compose files call chown assuming there's a shell
+SHELL ["/busybox/sh", "-c"]
 
-RUN addgroup -g 10001 -S tempo && \
-    adduser -u 10001 -S tempo -G tempo
+RUN ["/busybox/addgroup", "-g", "10001", "-S", "tempo"]
+RUN ["/busybox/adduser", "-u", "10001", "-S", "tempo", "-G", "tempo"]
+RUN ["/busybox/mkdir", "-p", "/var/tempo", "-m", "0700"]
+RUN ["/busybox/chown", "-R", "tempo:tempo", "/var/tempo"]
 
-RUN mkdir -p /var/tempo -m 0700 && \
-    chown -R tempo:tempo /var/tempo
+ARG TARGETARCH
+COPY bin/linux/tempo-${TARGETARCH} /tempo
 
 USER 10001:10001