Add Debian 11 base image

[AnushaBoggarapu]

The latest version 11 of Debian version 11 (bullseye) is released. So can we have a golang docker image with debian 11 as base.

https://release.debian.org/bullseye/freeze_policy.html

The current images of golang have openldap and bash vulnerabilities due to the underlying debian

Debian Security Update for openldap (DSA 4792-1) | CVE-2020-25709,CVE-2020-25710
GNU Bash Privilege Escalation Vulnerability for Debian (Zero Day) | CVE-2019-18276
The current golang images have 4.1 version of bash that has this vulnerability, upgrading to debian 11 will provide 5.1 bash which will have the issue fix

[tianon]

It's not quite released yet, but it is in a transition freeze (not quite even soft freeze yet until probably sometime next month), so it would be reasonable IMO to add as an additional variant on the 1.16 pre-release version (which is due to be released next month around the same time the freeze for Debian 11 starts to ramp up).

[tianon]

Although to be clear, the vulnerabilities you've listed are not compelling reasons to upgrade:

• https://security-tracker.debian.org/tracker/CVE-2020-25709 (fixed in version 2.4.47+dfsg-3+deb10u4)
• https://security-tracker.debian.org/tracker/CVE-2020-25710 (fixed in version 2.4.47+dfsg-3+deb10u4)
• https://security-tracker.debian.org/tracker/CVE-2019-18276 ("Negligible security impact")

https://github.com/docker-library/repo-info/blob/46e3f35aa34cc7964e554e7433e9a52a7e4e8771/repos/golang/local/1.15-buster.md#dpkg-source-package-openldap2447dfsg-3deb10u4
(2.4.47+dfsg-3+deb10u4 is the exact version of openldap binary packages our images contain)

[justaugustus]

Bumping this, as bullseye is now out: https://www.debian.org/News/2021/20210814

[tianon]

I've included this in #381.

[justaugustus]

Thanks @tianon!