Story
Resolution: Unresolved
Major
We can create a final runtime layer in the Dockerfile for the images that stores only the binaries, libraries and configuration actually needed to run the operator's binaries.
This would reduce the attack surface and limit what a malicious user who obtains a shell in the operator pods can do to the cluster. This is especially critical for the eBPF program run by the execFormatError plugin, as it runs in a privileged container.
After a discussion with Product Security, we agreed on targeting this enhancement/fix for MTO 1.3.
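As an added illustration of the layout proposed above (this is example code, not the project's own Dockerfile), a multi-stage build where the final runtime stage carries only the operator binary and the files it needs. The module layout (`./cmd/manager`), the binary name `manager`, the Go version and the eBPF object path `bpf/execformaterror.o` are assumptions for the example; the runtime base image is Google's distroless static image, which ships no shell, package manager or interpreter.

```dockerfile
# syntax=docker/dockerfile:1

# Stage 1: build stage with the full toolchain.
# Assumed layout: a Go operator whose entrypoint package is ./cmd/manager.
FROM golang:1.22 AS builder
WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download
COPY . .
# CGO_ENABLED=0 produces a statically linked binary, so the runtime stage
# does not need libc or any other shared library.
RUN CGO_ENABLED=0 GOOS=linux go build -trimpath -ldflags="-s -w" \
    -o /out/manager ./cmd/manager

# Stage 2: final runtime layer.
# Only the binary, the distroless base (CA certs, tzdata, /etc/passwd) and
# the precompiled eBPF object are present. Nothing from the build stage
# (shell, compiler, go toolchain, package manager) is copied over, so a
# shell obtained in the pod has no interpreter or tooling to work with.
FROM gcr.io/distroless/static-debian12:nonroot
COPY --from=builder /out/manager /manager
# Assumed path of the eBPF object loaded by the execFormatError plugin at runtime.
COPY --from=builder /src/bpf/execformaterror.o /bpf/execformaterror.o
USER nonroot:nonroot
ENTRYPOINT ["/manager"]
```

A quick check that the runtime image really has no shell: `docker run --rm --entrypoint /bin/sh <image>` should fail with an "executable file not found" error rather than drop into a prompt, and `docker history <image>` should show the last stage adding only the `COPY` layers. The `USER nonroot` line is independent of the privileged-container requirement for the eBPF plugin: the container can still be granted the capabilities it needs through the pod's security context, while the image itself stays minimal.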