Refactor Dockerfile and IoUtils for improved robustness

[RinZ27]

Improved the operational security of the Smithy container image by adding a dedicated non-root user and health checks. \n\nAdditionally, updated to support command execution via argument arrays. This provides a more robust and idiomatic way to handle subprocesses, reducing the likelihood of issues related to shell meta-character handling when executing external commands.

[github-actions]

This pull request does not contain a staged changelog entry. To create one, use the ./.changes/new-change command. For example:

./.changes/new-change --pull-requests "#2932" --type feature --description "Refactor Dockerfile and IoUtils for improved robustness"

Make sure that the description is appropriate for a changelog entry and that the proper feature type is used. See ./.changes/README or run ./.changes/new-change -h for more information.

[sugmanue]

Hi @RinZ27, we don't review PR from unknown sources without a clear understanding of what's the issue being addressed. Please fill up an issue describing your concerns and preferably examples to show how would it be possible to exploit any if problem mentioned.

[RinZ27]

Understood. I'll open an issue detailing the shell injection risks in IoUtils and the container security improvements, including the requested examples. Will link it here shortly.

[RinZ27]

I've opened issue #2933 with the detailed explanation and Proof of Concept (PoC) for the shell injection vulnerability, as well as the rationale for the container hardening changes.