fix: container subprocess spawn of docker commands

[adrobuta]

Pull Request Submission Checklist

• Follows CONTRIBUTING guidelines
• Commit messages
  are release-note ready, emphasizing
  what was changed, not how.
• Includes detailed description of changes
• Contains risk assessment (Low | Medium | High)
• Highlights breaking API changes (if applicable)
• Links to automated tests covering new functionality
• Includes manual testing instructions (if necessary)
• Updates relevant GitBook documentation (PR link: ___)
• Includes product update to be announced in the next stable release notes

What does this PR do?

Bumps snyk-docker-plugin@8.4.1. The new version updates the sub-process execution logic to remove the default shells used in spawning the child processes and execute the docker binaries directly without relying on a shell. This eliminates the need for a specific shell binary (like /bin/bash or /bin/sh) to be present, making the function portable on a broader range of operating systems and minimal distributions like alpine that default to /bin/sh.

Where should the reviewer start?

How should this be manually tested?

docker pull snyk/snyk:docker --platform=linux/amd64
docker run --rm -it --env SNYK_TOKEN="your snyk token" -v /var/run/docker.sock:/var/run/docker.sock snyk/snyk:docker snyk test --debug --docker local_image:tag

What's the product update that needs to be communicated to CLI users?

[snyk-io]

🎉 Snyk checks have passed. No issues have been found so far.

✅ security/snyk check is complete. No issues have been found. (View Details)

✅ license/snyk check is complete. No issues have been found. (View Details)

✅ code/snyk check is complete. No issues have been found. (View Details)

[PeterSchafer]

LGTM!

Acknowledge an additional fix included in 8.4.0

The tests revealed some issues, removing my premature approval to re-review later again

[adrobuta]

Closing this PR because we observed ENOENT errors when docker binary is spawned without a shell on different host machine.