chore - Switch to slim base image for improved security
- [ ] This change is worth documenting at https://docs.all-hands.dev/
- [X] Include this change in the Release Notes. If checked, you must provide an end-user friendly description for your change below
End-user friendly description of the problem this fixes or functionality that this introduces.
Build runtime sandbox based on smaller Docker image.
Give a summary of what the PR does, explaining any non-trivial design decisions.
We are trying to reduce the vulnerabilities found in image scans using SCA tools like trivy. This change switches to the slim variant of our base image so that we don't include packages we don't need. Both slim and the image we were using before are based on the current Debian Stable, Bookworm.
A positive side effect is our image will get smaller. A potential hazard is that some users may be accustomed to certain packages being available which now must be installed. Perhaps we can figure out what some of those are.
Link of any specific issues this addresses.
To run this PR locally, use the following command:
```bash
docker run -it --rm \
  -p 3000:3000 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  --add-host host.docker.internal:host-gateway \
  -e SANDBOX_RUNTIME_CONTAINER_IMAGE=docker.all-hands.dev/all-hands-ai/runtime:5dd9910-nikolaik \
  --name openhands-app-5dd9910 \
  docker.all-hands.dev/all-hands-ai/openhands:5dd9910
```