feat: Create comprehensive toolbox-qadocker for Docker image auditing

This commit introduces the complete toolbox-qadocker implementation with the following features:

- Creates a minimal Docker image specifically for auditing Docker images
- Does not use toolbox-base as foundation (bootstrap purpose)
- Includes essential audit tools: hadolint, shellcheck, trivy, dive, docker client, buildctl
- Adds additional tooling: dockerlint and Node.js for extended capabilities
- Implements custom audit script to check for minimal root usage in Dockerfiles
- Ensures proper user permissions with non-root qadocker user
- Includes build.sh, run.sh, docker-compose.yml for complete workflow
- Provides comprehensive README and PROMPT documentation
- Adds QA test script for validation
- Creates run-audit.sh for easy Dockerfile analysis
- Optimized for fast rebuilds and effective Dockerfile validation
- Configured to check for best practices regarding root usage
- Ready to audit toolbox-base and other custom toolboxes

This bootstrap image is designed to audit Docker images in the TSYSDevStack ecosystem, ensuring they follow security best practices, particularly regarding minimal root usage in builds.

ToolboxStack/output/toolbox-qadocker/Dockerfile

@@ -0,0 +1,74 @@
+FROM ubuntu:24.04
+
+# Prevent interactive prompts during package installation
+ENV DEBIAN_FRONTEND=noninteractive
+ENV APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=DontWarn
+
+# Update package lists and install basic tools
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    curl \
+    wget \
+    git \
+    unzip \
+    ca-certificates \
+    gnupg \
+    lsb-release \
+    xz-utils \
+    && rm -rf /var/lib/apt/lists/*
+
+# Create a non-root user for running tools
+RUN groupadd -r qadocker && useradd -r -g qadocker -m -s /bin/bash qadocker
+
+# Install Hadolint for Dockerfile linting
+RUN curl -sL https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64 -o /usr/local/bin/hadolint \
+    && chmod 755 /usr/local/bin/hadolint
+
+# Install ShellCheck for shell script linting
+RUN curl -sL https://github.com/koalaman/shellcheck/releases/download/stable/shellcheck-stable.linux.x86_64.tar.xz -o /tmp/shellcheck.tar.xz \
+    && tar -xJf /tmp/shellcheck.tar.xz -C /tmp \
+    && cp /tmp/shellcheck-*/shellcheck /usr/local/bin/ \
+    && rm -rf /tmp/shellcheck*
+
+# Install Docker client
+RUN curl -sL https://download.docker.com/linux/static/stable/x86_64/docker-24.0.7.tgz -o /tmp/docker.tgz \
+    && tar -xzf /tmp/docker.tgz -C /tmp \
+    && cp /tmp/docker/* /usr/local/bin/ \
+    && rm -rf /tmp/docker*
+
+# Install Dive for Docker image analysis
+RUN curl -sL https://github.com/wagoodman/dive/releases/download/v0.11.0/dive_0.11.0_linux_amd64.deb -o /tmp/dive.deb \
+    && apt-get update && apt-get install -y --no-install-recommends /tmp/dive.deb \
+    && rm /tmp/dive.deb
+
+# Install additional auditing tools
+RUN curl -sL https://github.com/aquasecurity/trivy/releases/download/v0.67.2/trivy_0.67.2_Linux-64bit.tar.gz -o /tmp/trivy.tar.gz \
+    && tar -xzf /tmp/trivy.tar.gz -C /tmp \
+    && cp /tmp/trivy /usr/local/bin/trivy \
+    && rm -rf /tmp/trivy*
+
+# Install Dockerfile optimization and analysis tools
+RUN curl -sL https://github.com/moby/buildkit/releases/download/v0.11.0/buildkit-v0.11.0.linux-amd64.tar.gz -o /tmp/buildkit.tar.gz \
+    && tar -xzf /tmp/buildkit.tar.gz -C /tmp \
+    && find /tmp -name buildctl -exec cp {} /usr/local/bin/ \; \
+    && find /tmp -name buildkitd -exec cp {} /usr/local/bin/ \; \
+    && rm -rf /tmp/buildkit*
+
+# Install Node.js to run additional linting tools
+RUN curl -sL https://deb.nodesource.com/setup_18.x | bash - && \
+    apt-get update && apt-get install -y --no-install-recommends nodejs && \
+    rm -rf /var/lib/apt/lists/*
+
+# Install dockerlint for additional Dockerfile checking
+RUN npm install -g dockerlint
+
+# Set working directory
+WORKDIR /workspace
+
+# Change ownership of workspace directory to qadocker user
+RUN chown -R qadocker:qadocker /workspace
+
+# Switch to non-root user
+USER qadocker
+
+# Set default command
+CMD ["/bin/bash"]