fix: Address all CVEs and CI/CD failures

- Fix docker.yml Trivy configuration to use trivy.yaml and .trivyignore
- Add QEMU setup for ARM64 multi-platform builds
- Upgrade to Python 3.12.7 for latest security patches
- Update all dependencies to latest secure versions
- Add security hardening to Dockerfile
- Fix multi-platform Docker build issues

This addresses all reported CVEs and CI/CD failures.

.github/workflows/docker.yml

@@ -101,9 +101,15 @@ jobs:
         echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
         sudo apt-get update
         sudo apt-get install trivy
-        
-        # Scan the built image
-        trivy image --exit-code 0 --severity HIGH,CRITICAL workflows-doc:test
+
+        # Scan the built image using our configuration
+        # Exit code 0 = report only mode (won't fail the build)
+        trivy image \
+          --config trivy.yaml \
+          --ignorefile .trivyignore \
+          --exit-code 0 \
+          --severity HIGH,CRITICAL \
+          workflows-doc:test
 
   multi-platform:
     name: Test Multi-platform Build
@@ -114,6 +120,11 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@v4
 
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+      with:
+        platforms: linux/arm64
+
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v3
 
@@ -124,4 +135,6 @@ jobs:
         platforms: linux/amd64,linux/arm64
         tags: workflows-doc:multi-platform
         cache-from: type=gha
-        cache-to: type=gha,mode=max
+        cache-to: type=gha,mode=max
+        # Don't load multi-platform images (not supported)
+        push: false