We should migrate Mimir to a distroless Docker image, to reduce the attack surface.

The main pushback towards this move was because it's then very difficult to debug a live container (e.g. look at files on disk or sockets), but in recent K8S versions we could use kubectl debug (doc) to add a debugging container to a running pod.