fix(images): Remove curl and add openssl for FIPS compliance

User request: Apply ubi-micro migration patterns from collector and
StackRox PRs. Remove curl entirely from both Dockerfiles (compliance
requirement) and keep changes small.

Changes:
- image/rhel/Dockerfile: Removed curl package and HEALTHCHECK that
  depended on curl (ACS compliance requirement)
- image/rhel/konflux.Dockerfile: Removed curl, added openssl for FIPS
  support, added comment explaining Hermeto/Cachi2 reposdir behavior

Follows patterns from:
- stackrox/collector#3021
- #19379

OpenSSL requirement: stackrox/collector#3021 (comment)

Note: Code changes were partially generated by AI assistance.

Author: janisz

image/rhel/Dockerfile

@@ -40,8 +40,7 @@ RUN dnf install -y \
         --nodocs \
         findutils \
         util-linux \
-        ca-certificates \
-        curl && \
+        ca-certificates && \
     dnf --installroot=/out/ clean all && \
     rm -rf /out/var/cache/dnf /out/var/cache/yum
 
@@ -124,5 +123,3 @@ EXPOSE 8443
 USER 4000:4000
 
 ENTRYPOINT ["/stackrox/roxctl"]
-
-HEALTHCHECK CMD curl --insecure --fail https://127.0.0.1:8443/v1/ping

image/rhel/konflux.Dockerfile

@@ -47,6 +47,8 @@ ARG PG_VERSION
 COPY --from=ubi-micro-base / /out/
 
 # Install packages not in ubi-micro (bash and coreutils-single already present)
+# Note: --setopt=reposdir=/etc/yum.repos.d instructs dnf to use repo configurations pointing to RPMs
+# prefetched by Hermeto/Cachi2, instead of installroot's default UBI repos.
 RUN dnf install -y \
         --installroot=/out/ \
         --setopt=reposdir=/etc/yum.repos.d \
@@ -56,7 +58,7 @@ RUN dnf install -y \
         findutils \
         util-linux \
         ca-certificates \
-        curl && \
+        openssl && \
     dnf module enable -y \
         --installroot=/out/ \
         --setopt=reposdir=/etc/yum.repos.d \