Merge Dev into Master – CVE Fixes, Refactor & Build Improvements

[LordOverlord]

This PR merges the latest changes from dev into master, addressing security vulnerabilities, modernizing the build process, and improving the release pipelines.

Key improvements include:
✅ Security & Dependency Fixes

🔒 Fixed CVE-2024-41110 by upgrading github.com/docker/docker to v23.0.15+incompatible

🔒 Updated containerd and golang.org/x/net to patched versions (v1.7.27, v0.38.0)

🔧 Resolved Go module compatibility issues caused by deprecated internals

🚀 Build & CI Improvements

🔨 Migrated to multi-stage Docker builds using chainguard/go as builder for reduced image size

🧼 Refactored Dockerfiles for clarity and smaller runtime footprint

🛠️ Upgraded Go version to 1.21 (dev) and 1.22 (master) to support toolchain directive

🧪 Integrated Trivy and Snyk for vulnerability scanning in GitHub Actions

🔁 Cleaned up deprecated ::set-output usage with GITHUB_OUTPUT

📦 Release Workflow Enhancements

🧱 Added cross-platform builds: linux, darwin, and windows (.exe)

🐳 Tagged container images as :dev and :latest accordingly

🚀 Automated GitHub releases with binary uploads per platform

✅ Ensured version tags are auto-incremented with semver parsing

📝 Docs and README

🧹 Cleaned outdated Linux distro install steps

📦 Updated Docker image reference to ghcr.io/lordoverlord/ctop:latest

💬 Clarified dev vs release channel usage

Notes

A future PR will migrate the Docker API client to the official github.com/docker/docker/client, deprecating fsouza/go-dockerclient entirely.

This release stabilizes the security baseline across both binary and container usage.