chore: add a user non-root to the container image (#38)

- Running as root is never good! Never! 🍒

tools/nix/images/tripsu.nix

@@ -8,13 +8,23 @@ pkgs.dockerTools.buildLayeredImage {
 
   contents = [tripsu];
 
+  fakeRootCommands = ''
+    ${pkgs.dockerTools.shadowSetup}
+    groupadd -r non-root
+    useradd -r -g non-root non-root
+    mkdir -p /workspace
+    chown non-root:non-root /workspace
+  '';
+  enableFakechroot = true;
+
   config = {
     Entrypoint = ["tripsu"];
-    WorkingDir = "/";
+    WorkingDir = "/workspace";
     Labels = {
       "org.opencontainers.image.source" = "https://github.com/sdsc-ordes/tripsu";
       "org.opencontainers.image.description" = tripsu.meta.description;
       "org.opencontainers.image.license" = "Apache-2.0";
     };
+    User = "non-root";
   };
 }