fix(helm): Run Dockerfile as uid 1000 (#1274)

Configures a default 1000 user for container to run as. This allows a
username to be found when running without the LDAP sidecar or when
running as a user not registered in LDAP, e.g. the default 1000 user in
the Helm chart/Kyverno policy.

As we remove the need for hostNetwork and continue to push for a
non-dls_sw scratch area, the container does not require running as a
specific user and can run as an arbitrary user with fewer permissions.

This fixes problems of [attaching a devcontainer for
debugging](https://diamondlightsource.github.io/python-copier-template/main/how-to/debug-in-cluster.html#debugging-in-the-cluster)
when running as a non-LDAP user.

Author: DiamondJoseph

Dockerfile

@@ -46,6 +46,12 @@ RUN sed -i 's/files/ldap files/g' /etc/nsswitch.conf
 RUN pip install debugpy
 RUN pip install -e .
 
+RUN groupadd -g 1000 blueapi && \
+    useradd -m -u 1000 -g blueapi blueapi
+ 
+# Switch to the custom user
+USER blueapi
+
 # Alternate entrypoint to allow devcontainer to attach
 ENTRYPOINT [ "/bin/bash", "-c", "--" ]
 CMD [ "while true; do sleep 30; done;" ]
@@ -75,5 +81,11 @@ RUN sed -i 's/files/ldap files/g' /etc/nsswitch.conf
 
 ENV MPLCONFIGDIR=/tmp/matplotlib
 
+RUN groupadd -g 1000 blueapi && \
+    useradd -m -u 1000 -g blueapi blueapi
+ 
+# Switch to the custom user
+USER blueapi
+
 ENTRYPOINT ["blueapi"]
 CMD ["serve"]