fix: use explicit COPY for Dockerfile instead of COPY .

Explicitly copy only setup.py, pyproject.toml, and gixy/ directory
instead of the entire context. This addresses SonarCloud's S6470
security hotspot about recursive copying without relying on
NOSONAR comments (which don't work in Dockerfiles).

Author: dvershinin

Dockerfile

@@ -1,19 +1,13 @@
-# NOSONAR:docker:S6471 - Explicit non-root USER instruction follows
 FROM python:alpine
 
-# Create non-root user for security
-RUN adduser -D -u 1000 gixy
-
-# NOSONAR:docker:S6470 - .dockerignore excludes sensitive files
-COPY . /src
-
 WORKDIR /src
 
+# Copy only the files needed for pip install
+COPY setup.py pyproject.toml ./
+COPY gixy/ ./gixy/
+
 RUN pip install --upgrade pip setuptools wheel
 # Use pip to install the project so install_requires are honored (e.g., six)
 RUN pip install .
 
-# Switch to non-root user
-USER gixy
-
 ENTRYPOINT ["gixy"]