Figure out security update policy for base and juggler containers
Right now we don't bust the cache or force run apt-get upgrade. This means that upstream (debian) security upgrades to the containers are not applied until someone changes the debian/Dockerfile and forces a rebuild. We should consider a periodic --no-cache build of the base image, but there must be better best-practices out there.