feat: Dockerfile hadolint scan

[shivani170]

Description

• Overview
  Currently, Devtron focuses primarily on post-build image scanning (Trivy/Clair). This feature shifts security "left" by introducing Dockerfile Linting and Security Scanning during the CI build phase.
  By integrating Hadolint, we enable developers to catch insecure patterns (e.g., running as root, missing version tags, leaked secrets in instructions) before the image is even built.

Fixes https://github.com/devtron-labs/sprint-tasks/issues/2829

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

Checklist:

• The title of the PR states what changed and the related issues number (used for the release note).
• Does this PR require documentation updates?
• I've updated documentation as required by this PR.
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas

[github-actions]

Some linked issues are invalid. Please update the issue links:\nIssue # in is not found or invalid (HTTP }404).\n

[github-actions]

Some linked issues are invalid. Please update the issue links:\nIssue # in is not found or invalid (HTTP }404).\n

[sonarqubecloud]

Quality Gate passed

Issues
6 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud