Commit c666089

sunnywu and claude authored
UID2-6655: Suppress CVE-2026-1584 (gnutls) in .trivyignore (#2394)
* Upgrade gnutls to fix CVE-2026-1584 vulnerability

  Add explicit gnutls upgrade in Dockerfile to address HIGH severity vulnerability CVE-2026-1584 in gnutls 3.8.11-r0 (fixed in 3.8.12-r0) in the alpine base image. The vulnerability allows Remote Denial of Service via crafted ClientHello with invalid PSK.

  Jira: UID2-6655

  Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

* UID2-6655: Add CVE-2026-1584 to .trivyignore instead of upgrading gnutls

  gnutls is an OS-level library present in the alpine base image but is not used by our Java service. Upgrading it via apk introduces unnecessary risk of breaking system-level dependencies. The vulnerability (Remote DoS via crafted ClientHello) has no impact on our software.

  CVE-2026-1584 exp:2026-08-27

  Co-Authored-By: Claude Sonnet 4.6 <[email protected]>

---------

Co-authored-by: Claude Sonnet 4.6 <[email protected]>
1 parent e8060b5 commit c666089
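A `.trivyignore` entry like the one added here carries a rationale comment, a ticket reference and an `exp:` date; the following Python audit is an added example (not code from this repository) that parses that layout and flags suppressions that have lapsed, are about to, or lack a comment or ticket. The sample file content is constructed to mirror this hunk plus one deliberately bad entry, and the `UID2-` ticket prefix is assumed from the comments in the file.

```python
import re
from datetime import date

SAMPLE = """\
# UID2-6481
CVE-2025-68973 exp:2026-06-15

# gnutls DoS vulnerability via crafted ClientHello - not impactful as gnutls is not used by our Java service
# See: UID2-6655
CVE-2026-1584 exp:2026-08-27

CVE-2024-0001
"""  # constructed sample mirroring this commit's hunk, plus one bad entry

ENTRY_RE = re.compile(r"^(?P<id>CVE-\d{4}-\d{4,})(?:\s+exp:(?P<exp>\d{4}-\d{2}-\d{2}))?\s*$")
TICKET_RE = re.compile(r"\bUID2-\d+\b")  # assumed ticket prefix, taken from the file's comments

def parse_trivyignore(text):
    """Yield one dict per CVE suppression: id, exp (date or None), preceding comments."""
    comments = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            comments = []  # a blank line ends the comment block above an entry
        elif line.startswith("#"):
            comments.append(line)
        elif (m := ENTRY_RE.match(line)):
            exp = date.fromisoformat(m["exp"]) if m["exp"] else None
            yield {"id": m["id"], "exp": exp, "comments": list(comments)}
            comments = []

def audit(text, today, warn_days=30):
    """Return {cve_id: [issue, ...]} for suppressions a reviewer should question."""
    today = date.fromisoformat(today) if isinstance(today, str) else today
    issues = {}
    for e in parse_trivyignore(text):
        problems = []
        if e["exp"] is None:
            problems.append("no exp: date, suppression never lapses")
        elif (left := (e["exp"] - today).days) < 0:
            problems.append(f"expired on {e['exp']}")
        elif left <= warn_days:
            problems.append(f"expires in {left} days")
        if not e["comments"]:
            problems.append("no comment explaining why the finding is accepted")
        elif not any(TICKET_RE.search(c) for c in e["comments"]):
            problems.append("no tracking ticket referenced")
        if problems:
            issues[e["id"]] = problems
    return issues
```

Running `audit(SAMPLE, "2026-06-01")` flags the entry expiring in two weeks and the bare entry with neither comment nor date, while the gnutls suppression passes until its 2026-08-27 expiry.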

File tree

1 file changed

+5
-1
lines changed

.trivyignore

Lines changed: 5 additions & 1 deletion
@@ -6,4 +6,8 @@
66
CVE-2025-66293 exp:2026-06-15
77

88
# UID2-6481
9-
CVE-2025-68973 exp:2026-06-15
9+
CVE-2025-68973 exp:2026-06-15
10+
11+
# gnutls DoS vulnerability via crafted ClientHello - not impactful as gnutls is not used by our Java service
12+
# See: UID2-6655
13+
CVE-2026-1584 exp:2026-08-27
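Review bot: the comment above the new `CVE-2026-1584` entry should also record the fixed package version (3.8.12-r0, per the commit message) so the suppression can be dropped as soon as the alpine base image ships it, rather than waiting for the 2026-08-27 expiry to force a re-check; stating how "not used by our Java service" was verified (e.g. which image components were checked for gnutls linkage) would make the rationale reviewable later. Also note that lines 9-/9+ remove and re-add an identical `CVE-2025-68973 exp:2026-06-15`, so the only change to that line is whitespace (most likely a trailing newline), not content.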
