chore: reduce COPY's and wget's

[rjaegers]

🚀 Hey, I have created a Pull Request

Description of changes

This PR tries to replace all unnecessary COPY instructions with bind mounts, and all unnecessary wget invocations with ADD instructions. The intent is to reduce the number of layers and reduce any form of residue in the final image.

In the process add more checksums.

✔️ Checklist

• I have followed the contribution guidelines for this repository
• I have added tests for new behavior, and have not broken any existing tests
• I have added or updated relevant documentation
• I have verified that all added components are accounted for in the SBOM

[Copilot]

Pull Request Overview

This PR simplifies the Dockerfile by replacing many COPY and wget instructions with bind mounts and ADD instructions to reduce image layers and residual files while adding checksum verifications.

• Replaces unnecessary COPY instructions with bind mounts.
• Replaces wget invocations for certificate retrieval with an ADD instruction using a checksum.
• Updates cleanup commands to target apt cache directories consistently.

[github-actions]

📦 Container Size Analysis

Comparing ghcr.io/philips-software/amp-devcontainer-rust:edge to ghcr.io/philips-software/amp-devcontainer-rust:pr-814

📈 Size Comparison Table

OS/Platform	Previous Size	Current Size	Change	Trend
linux/amd64	489.22M	489.22M	0.00 (+0.00%)	🔄
linux/arm64	441.18M	441.18M	0.00 (+0.00%)	🔄

[github-actions]

Test Results

 4 files  ±0   4 suites  ±0   1m 16s ⏱️ - 1m 12s
30 tests ±0   7 ✅  - 23  0 💤 ±0  23 ❌ +23 
64 runs  ±0  18 ✅  - 46  0 💤 ±0  46 ❌ +46 

For more details on these failures, see this check.

Results for commit f761eb4. ± Comparison against base commit e21c90e.

♻️ This comment has been updated with latest results.

[github-actions]

🦙 MegaLinter status: ❌ ERROR

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	18		0	0	0.48s
❌ DOCKERFILE	hadolint	2		1	0	0.59s
✅ GHERKIN	gherkin-lint	2		0	0	1.01s
✅ JSON	npm-package-json-lint	yes		no	no	0.48s
✅ JSON	prettier	16	1	0	0	0.49s
✅ JSON	v8r	16		0	0	8.17s
✅ MARKDOWN	markdownlint	9	0	0	0	0.91s
✅ MARKDOWN	markdown-table-formatter	9	0	0	0	0.32s
✅ REPOSITORY	checkov	yes		no	no	17.33s
✅ REPOSITORY	gitleaks	yes		no	no	0.4s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
⚠️ REPOSITORY	grype	yes		no	2	24.31s
✅ REPOSITORY	secretlint	yes		no	no	0.96s
✅ REPOSITORY	syft	yes		no	no	1.94s
❌ REPOSITORY	trivy	yes		1	1	7.13s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.24s
✅ REPOSITORY	trufflehog	yes		no	no	3.33s
✅ SPELL	lychee	63		0	0	1.74s
✅ YAML	prettier	24	0	0	0	1.06s
✅ YAML	v8r	24		0	0	6.95s
✅ YAML	yamllint	24		0	0	0.88s

See detailed report in MegaLinter reports

[github-actions]

📦 Container Size Analysis

Comparing ghcr.io/philips-software/amp-devcontainer-cpp:edge to ghcr.io/philips-software/amp-devcontainer-cpp:pr-814

📈 Size Comparison Table

OS/Platform	Previous Size	Current Size	Change	Trend
linux/amd64	662.41M	700.93M	38.53M (+5.82%)	🔼
linux/arm64	645.11M	682.52M	37.42M (+5.80%)	🔼

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

This pull request is marked stale because it has been open for an extended period with no activity. Remove the 'stale' label or comment otherwise this pull request will be closed in 7 days.

[github-actions]

This pull request is marked stale because it has been open for an extended period with no activity. Remove the 'stale' label or comment otherwise this pull request will be closed in 7 days.

[github-actions]

This pull request is marked stale because it has been open for an extended period with no activity. Remove the 'stale' label or comment otherwise this pull request will be closed in 7 days.