fix(docker): use Debian-provided Node.js instead of NodeSource #518
raystone06 wants to merge 1 commit into
The previous Dockerfile installed Node.js by adding the NodeSource APT repository, which requires fetching the GPG key over HTTPS from deb.nodesource.com during the build. In some network environments this TLS connection fails with:

```
curl: (35) TLS connect error: error:0A000126:SSL routines::
unexpected eof while reading
```

Since Debian Trixie (the base of python:3.11-slim) already ships Node.js 20.x in its main repositories, we can install it directly via apt without depending on NodeSource. This makes the build more reliable and removes the gnupg/keyring setup entirely.
Code Review
This pull request modifies the Dockerfile to install Node.js and npm directly from Debian repositories to bypass NodeSource TLS issues. Feedback indicates that this change results in a version mismatch, as the current base image provides Node.js v18 instead of the required v20. Additionally, it is suggested to remove npm from the final image to optimize size and security, as it is not needed for runtime.
| WORKDIR /app | ||
|
|
||
| # Install Node.js and npm | ||
| # Install Node.js and npm from Debian repos (avoids NodeSource TLS issues) |
The PR description states that python:3.11-slim is based on Debian Trixie, but it is currently based on Debian 12 (Bookworm). Consequently, apt-get install nodejs will install Node.js v18, not v20. Since the build stage (node_builder) uses Node.js v20 and the package.json specifies "@types/node": "^20", this version mismatch between build and runtime environments could lead to unexpected behavior or runtime errors. If Node.js 20 is strictly required, you may need to use a different installation method or a base image that supports it natively.
| nodejs \ | ||
| npm \ |
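Review bot: The `nodejs \` and `npm \` entries in the package list carry no version constraint, and the new comment only says "from Debian repos", so the Node.js major version in the runtime image is whatever the base image's Debian release happens to ship. Add a check right after the install, for example `RUN node --version | grep -q '^v20\.'`, so the build fails when the installed version is not the 20.x the description expects, and consider pinning the base image to a specific Debian release tag or digest so the result does not change under a moving tag.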
The npm package is not required in the final runtime image. The application is already built in the node_builder stage, and the start.sh script executes the application using the node binary directly (line 94). Removing npm will significantly reduce the final image size (typically by 200MB+ on Debian) and reduce the attack surface.
nodejs \