fix all hadolint & bump golang version to resolve CVEs

Dockerfile

@@ -1,6 +1,7 @@
-FROM golang:1.21.4 AS builder
+FROM golang:1.23 AS builder
 
-RUN apt-get update && apt-get install -y make git bash gcc curl jq
+# hadolint ignore=DL3008
+RUN apt-get update && apt-get install --no-install-recommends -y ca-certificates make git bash gcc curl jq && rm -rf /var/lib/apt/lists/*
 
 # Build
 WORKDIR /go/src/github.com/babylonlabs-io/covenant-emulator
@@ -19,15 +20,17 @@ FROM debian:bookworm-slim AS run
 
 RUN addgroup --gid 1138 --system covenant-emulator && adduser --uid 1138 --system --home /home/covenant-emulator covenant-emulator
 
-RUN apt-get update && apt-get install -y bash curl jq wget
+# hadolint ignore=DL3008
+RUN apt-get update && apt-get install --no-install-recommends -y ca-certificates bash curl jq wget && rm -rf /var/lib/apt/lists/*
 
 COPY --from=builder /go/src/github.com/babylonlabs-io/covenant-emulator/go.mod /tmp
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN WASMVM_VERSION=$(grep github.com/CosmWasm/wasmvm /tmp/go.mod | cut -d' ' -f2) && \
-    wget https://github.com/CosmWasm/wasmvm/releases/download/$WASMVM_VERSION/libwasmvm.$(uname -m).so \
-        -O /lib/libwasmvm.$(uname -m).so && \
+    wget -q https://github.com/CosmWasm/wasmvm/releases/download/$WASMVM_VERSION/libwasmvm."$(uname -m)".so \
+        -O /lib/libwasmvm."$(uname -m)".so && \
     # verify checksum
-    wget https://github.com/CosmWasm/wasmvm/releases/download/$WASMVM_VERSION/checksums.txt -O /tmp/checksums.txt && \
-    sha256sum /lib/libwasmvm.$(uname -m).so | grep $(cat /tmp/checksums.txt | grep libwasmvm.$(uname -m) | cut -d ' ' -f 1)
+    wget -q https://github.com/CosmWasm/wasmvm/releases/download/$WASMVM_VERSION/checksums.txt -O /tmp/checksums.txt && \
+    sha256sum /lib/libwasmvm."$(uname -m)".so | grep $(cat /tmp/checksums.txt | grep libwasmvm."$(uname -m)" | cut -d ' ' -f 1)
 RUN rm -f /tmp/go.mod
 
 COPY --from=builder /go/src/github.com/babylonlabs-io/covenant-emulator/build/covd /bin/covd