feat: change image to scratch

[vishal-chdhry]

Updating the base to alpine 3.18 reduces the size of image from 583.97MB to 79.2MB

Image verification is working as intended on main.

$ kubectl apply -f configs/samples/kyverno-policy.yaml
clusterpolicy.kyverno.io/check-images configured
$ kubectl -n test-notation run test --image=844333597536.dkr.ecr.us-west-2.amazonaws.com/kyverno-demo:v1 --dry-run=server
pod/test created (server dry run)
$ kubectl -n test-notation run test --image=844333597536.dkr.ecr.us-west-2.amazonaws.com/kyverno-demo:v1-unsigned --dry-run=server
Error from server: admission webhook "validate.kyverno.svc-fail" denied the request: 

resource Pod/test-notation/test was blocked due to the following policies 

check-images:
  call-aws-signer-extension: 'failed to check deny conditions: failed to substitute
    variables in condition key: failed to resolve result.verified at path : JMESPath
    query failed: Unknown key "result" in path'

[vishal-chdhry]

Even if I use scratch and build the plugin without debug information, (this build didn’t work for some reason although pod was created)

RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags="-w -s" -o kyverno-notation-aws .

I could not get the size below 51.63 MB

1. Scratch Image and no debug information - 51.63 MB (Not working…) (Added SSL CA certificates and now it works!)
2. Alpine Image and no debug information - 58.96 MB
3. Alpine Image with debug information - 69.92 MB
4. Alpine Image with debug information and tree - 79.2 MB

Is there anything else that I can try?