mirror of https://github.com/tektoncd/catalog.git synced 2024-11-21 05:55:35 +00:00

Update Git based images to patch CVE-2022-41903, CVE-2022-23521.

See
https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/
for more details.

Because this effectively bumps the Git version used from v2.26.2 to
v2.39.0, this change also fixes 59 HIGH and 12 CRITICAL vulnerabilities
reported since this image was last updated.

This changes the default base image for git-cli and git-rebase to match the same base image for
[Pipeline
git-init](9d3942176f/.ko.yaml (L5)).

This does not update:

- git-clone | this is dependent on git-init (which is yet to be updated)
- git-version | this is based on dotnet sdk(?) so I have no idea how to
  safely update this.
Billy Lynch 2023-01-17 19:49:01 -05:00 committed by tekton-robot
parent 56e0f1ac15
commit baf796b714
2 changed files with 3 additions and 2 deletions


@ -54,7 +54,8 @@ spec:
description: |
The base image for the task.
type: string
default: docker.io/alpine/git:v2.26.2@sha256:23618034b0be9205d9cc0846eb711b12ba4c9b468efdd8a59aac1d7b1a23363f #tag: v2.26.2
# TODO: Deprecate use of root image.
default: cgr.dev/chainguard/git:root-2.39@sha256:7759f87050dd8bacabe61354d75ccd7f864d6b6f8ec42697db7159eccd491139
- name: GIT_USER_NAME
type: string
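Review bot: The new default on the `default:` line selects the `root-2.39` variant, and the only record of that is the untracked `# TODO: Deprecate use of root image.` comment above it. Please link the TODO to an issue and say in the parameter description ("The base image for the task.") that the default image runs as root, so users who care can override it. The default also moves from `docker.io/alpine/git` to `cgr.dev/chainguard/git`, which is a different userland for any user-supplied script that runs in this image; that seems worth a note in the task README or a task version bump rather than an in-place change of the default. Keeping the digest pin is good.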


@ -82,7 +82,7 @@ spec:
steps:
- name: rebase
workingDir: $(workspaces.source.path)
image: docker.io/alpine/git:v2.26.2@sha256:23618034b0be9205d9cc0846eb711b12ba4c9b468efdd8a59aac1d7b1a23363f #tag: v2.26.2
image: cgr.dev/chainguard/git:2.39@sha256:fdaef225e3fd5cf190520553ff765f186a4363390af3f19912897b0b28f87aeb
script: |
# Setting up the config for the git.
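Review bot: The `image:` line here uses `cgr.dev/chainguard/git:2.39`, while the other file in this commit defaults to the `root-2.39` variant, and the commit message does not say why the two tasks differ. Since the step's script goes on to set up git config and works in `$(workspaces.source.path)`, please confirm the rebase step was run with the non-root image against a workspace it can write to, or use the same variant in both tasks with the same TODO. The image is also hardcoded in the step rather than exposed as a parameter as in the other file, so users cannot swap it if the new base breaks their pipeline.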