Upgrade Prowler to 5.23.0, remove registry workaround (#336)

## Summary

- Upgrade Prowler from 5.22.0 to 5.23.0
- Remove the `enumerate-images` init container workaround from `cronjob-image-scan.yaml`
- Use native `--registry` and `--image-filter` flags now that upstream fix (PR prowler-cloud/prowler#10470) is released

The init container was a workaround for prowler-cloud/prowler#10457 where `--registry` args weren't forwarded to the provider constructor. We wrote the fix, it was merged, and v5.23.0 includes it.

## Test plan

- [ ] Build new container (`mise run container-release prowler 5.23.0`)
- [ ] Update kustomization.yaml with new image tag
- [ ] Sync prowler ArgoCD app from branch
- [ ] Manually trigger image scan job and verify `--registry` works natively
- [ ] Verify CIS and IaC scan cronjobs still work

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: #336

argocd/manifests/prowler/cronjob-image-scan.yaml

@@ -15,39 +15,6 @@ spec:
           securityContext:
             seccompProfile:
               type: RuntimeDefault
-          initContainers:
-            # Workaround: Prowler's --registry flag is broken (registry args
-            # not passed to provider constructor). Generate image list from
-            # zot catalog API instead.
-            # See: https://github.com/prowler-cloud/prowler/issues/10457
-            # Fix merged upstream (PR #10470, 2026-03-30) but not yet in a
-            # release (latest: 5.22.0). Remove this initContainer once a
-            # release includes the fix and we upgrade.
-            - name: enumerate-images
-              image: registry.ops.eblu.me/blumeops/prowler:kustomized
-              command: ["python3", "-c"]
-              args:
-                - |
-                  import json, urllib.request
-
-                  REGISTRY = "https://registry.ops.eblu.me"
-                  catalog = json.loads(urllib.request.urlopen(f"{REGISTRY}/v2/_catalog").read())
-                  images = []
-                  for repo in catalog["repositories"]:
-                      if not repo.startswith("blumeops/"):
-                          continue
-                      tags = json.loads(urllib.request.urlopen(f"{REGISTRY}/v2/{repo}/tags/list").read())
-                      for tag in tags.get("tags") or []:
-                          images.append(f"registry.ops.eblu.me/{repo}:{tag}")
-
-                  with open("/shared/images.txt", "w") as f:
-                      f.write("\n".join(images) + "\n")
-                  print(f"Discovered {len(images)} images")
-                  for img in images:
-                      print(img)
-              volumeMounts:
-                - name: shared
-                  mountPath: /shared
           containers:
             - name: prowler
               image: registry.ops.eblu.me/blumeops/prowler:kustomized
@@ -57,20 +24,16 @@ spec:
                   DATEDIR=/reports/prowler-images/$(date +%Y-%m-%d)
                   mkdir -p "$DATEDIR"
                   prowler image \
-                    --image-list /shared/images.txt \
+                    --registry https://registry.ops.eblu.me \
+                    --image-filter "^blumeops/" \
                     -z \
                     --output-formats html csv json-ocsf \
                     --output-directory "$DATEDIR"
               volumeMounts:
                 - name: reports
                   mountPath: /reports
-                - name: shared
-                  mountPath: /shared
-                  readOnly: true
           restartPolicy: OnFailure
           volumes:
             - name: reports
               persistentVolumeClaim:
                 claimName: prowler-reports
-            - name: shared
-              emptyDir: {}

argocd/manifests/prowler/kustomization.yaml

@@ -26,4 +26,4 @@ configMapGenerator:
 
 images:
   - name: registry.ops.eblu.me/blumeops/prowler
-    newTag: v5.22.0-6960243
+    newTag: v5.23.0-d05b503