Commit 6891b4e

BCDA-9583: remove caching of apk upgrade in dockerfiles (#1269)
## 🎫 Ticket

https://jira.cms.gov/browse/BCDA-9583

[related ssas PR](CMSgov/bcda-ssas-app#269)

## 🛠 Changes

<!-- What was added, updated, or removed in this PR? -->

- remove caching of `apk upgrade` in dockerfiles

## ℹ️ Context

<!-- Why were these changes made? Add background context suitable for a non-technical audience. -->

The update/upgrade step should not be cached in order to conform with [CMS Hybrid Cloud dockerfile recommendations.](https://cloud.cms.gov/docker-container-security/#docker-container-scanning-and-remediation)

> When adding the update instruction, ensure that the --no-cache flag is used during the docker build process to avoid using cached layers. Otherwise, when you build any image later using the same instruction, this will cause the previously cached update layer to be used, potentially preventing any fresh updates from being applied to later builds.

<!-- If any of the following security implications apply, this PR must not be merged without Stephen Walter's approval. Explain in this section and add @SJWalter11 as a reviewer.
- Adds a new software dependency or dependencies.
- Modifies or invalidates one or more of our security controls.
- Stores or transmits data that was not stored or transmitted before.
- Requires additional review of security implications for other reasons.
-->

## 🧪 Validation

<!-- How were the changes verified? Did you fully test the acceptance criteria in the ticket? Provide reproducible testing instructions and screenshots if applicable. -->

Tested locally

---------

Co-authored-by: Parwinder Bhagat <Parwinder.Bhagat@e14s.com>
1 parent fece9f4 commit 6891b4e

2 files changed

+4
-6
lines changed

Dockerfiles/Dockerfile.bcda

Lines changed: 2 additions & 3 deletions
@@ -23,11 +23,10 @@ RUN --mount=type=cache,target=/go/pkg/mod \
2323
# ------------------------------------------------------------------------
2424
FROM golang:1.25.4-alpine3.22
2525

26-
RUN apk update upgrade && \
26+
RUN addgroup -S -g 1200 bcda && adduser -S -G bcda -u 1100 bcda && \
27+
apk update upgrade --no-cache && \
2728
apk add --no-cache aws-cli
2829

29-
RUN addgroup -S -g 1200 bcda && adduser -S -G bcda -u 1100 bcda
30-
3130
# install dev packages if the environment argument was set to development
3231
ARG ENVIRONMENT
3332
RUN [ "$ENVIRONMENT" != "development" ] || apk add --no-cache bash && \
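
Review bot: The `--no-cache` added on `apk update upgrade --no-cache && \` is an apk option, not the Docker build flag that the recommendation quoted in the commit message refers to ("ensure that the --no-cache flag is used during the docker build process"). apk's flag keeps the package index out of the image; it does not stop Docker from reusing a previously built layer for this RUN instruction, because the instruction text is the same on every build. If the goal is that each build picks up fresh package updates, the build invocation itself needs `docker build --no-cache` (or a cache-busting build argument placed ahead of this RUN), and the PR should say where that is done. Also note that folding `addgroup`/`adduser` into this RUN means user creation and the package upgrade now share one layer and are rebuilt together.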

Dockerfiles/Dockerfile.bcdaworker

Lines changed: 2 additions & 3 deletions
@@ -23,11 +23,10 @@ RUN --mount=type=cache,target=/go/pkg/mod \
2323
# ------------------------------------------------------------------------
2424
FROM golang:1.25.4-alpine3.22
2525

26-
RUN apk update upgrade && \
26+
RUN addgroup -S -g 1200 bcda && adduser -S -G bcda -u 1100 bcda && \
27+
apk update upgrade --no-cache && \
2728
apk add --no-cache aws-cli
2829

29-
RUN addgroup -S -g 1200 bcda && adduser -S -G bcda -u 1100 bcda
30-
3130
# install dev packages if the environment argument was set to development
3231
ARG ENVIRONMENT
3332
RUN [ "$ENVIRONMENT" != "development" ] || apk add --no-cache bash && \
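
Review bot: The added line `apk update upgrade --no-cache && \` passes two applet names in a single apk invocation, and apk runs one command per call, so please confirm that installed packages are actually upgraded here and not just the index refreshed. `apk upgrade --no-cache` states the intent unambiguously, and with `--no-cache` a separate `update` step is not needed. This change is line-for-line identical to the one in Dockerfiles/Dockerfile.bcda, so whatever is decided should be applied to both files; the validation note ("Tested locally") would be stronger if it recorded that the upgrade step ran in a rebuilt image.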