Stop including debugging utilities in the Conduit images #293
Closed
Description
Let's remove the debugging utilities from all the Conduit Docker images.
Currently we have Dockerfile-base that is based on jessie-slim and which installs the following utilities:
- curl
- dnsutils
- iptables
- jq
- nghttp2
We do this because we want to help with debugging networking issues. However:
- In Kubernetes, all the containers in the same pod share a networking namespace. This means that it is possible to have a separate debugging container that, when injected into the pod, gets the same network access. This means that when we need to do debugging, we can "just" inject this kind of base container into the pod and then re-roll the pod. We don't need these tools to be in every pod by default.
- Conduit is supposed to be lightweight. Primarily we're interested in memory and networking overhead, but the size of the containers matters too. Removing these from the container images will reduce the container sizes, making Conduit even more lightweight.
- Having utilities like curl around inside the containers increases the capabilities of anybody to pivot (etc.) after exploiting any vulnerability that allows code execution. Removing these utilities from the containers will make it harder to do terrible things post-exploitation.
- For security reasons, we are going to lock down the capabilities of the containers such that it is unlikely that these utilities are going to work in the containers anyway. In particular, none of our containers except the proxy init container should be able to spawn processes in the first place. Thus the utilities won't work.
- We need to optimize the docker build process to make development ergonomics better.
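
A build-time check for the change proposed above, as an added example that is not part of the original issue or of Conduit's code: it scans an unpacked image root filesystem for binaries from the five packages listed and fails if any remain. The function name, the directory list and the package-to-binary mapping are assumptions (the binaries these Debian packages usually ship).

```shell
#!/bin/sh
# Audit an unpacked image root filesystem (for example the result of
# `docker export <container> | tar -x -C rootfs`) for the debugging
# utilities named in the issue. Names below are hypothetical.

# package:binaries. Assumption: the usual binaries shipped by these Debian
# packages; adjust for the base image actually in use.
DEBUG_TOOLS="curl:curl
dnsutils:dig nslookup nsupdate
iptables:iptables ip6tables iptables-save iptables-restore
jq:jq
nghttp2:nghttp nghttpd nghttpx h2load"

# Directories searched inside the rootfs.
BIN_DIRS="bin sbin usr/bin usr/sbin usr/local/bin usr/local/sbin"

# find_debug_tools ROOTFS
# Prints one "package<TAB>path" line per binary found.
# Returns 0 if the rootfs is clean, 1 if any tool is present, 2 on bad input.
find_debug_tools() {
    rootfs=$1
    [ -d "$rootfs" ] || { echo "not a directory: $rootfs" >&2; return 2; }
    found=0
    while IFS=: read -r pkg bins; do
        for b in $bins; do
            for d in $BIN_DIRS; do
                p="$rootfs/$d/$b"
                # -L also catches symlinks that dangle when viewed from the host.
                if [ -e "$p" ] || [ -L "$p" ]; then
                    printf '%s\t%s\n' "$pkg" "/$d/$b"
                    found=1
                fi
            done
        done
    done <<EOF
$DEBUG_TOOLS
EOF
    return $found
}

# Run as a script: audit the rootfs given as the first argument.
[ "$#" -eq 0 ] || find_debug_tools "$1"
```

Run against each image's exported filesystem in CI, a non-zero exit status blocks an image that still carries one of the utilities.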