Add user and group to all invocations of `docker run`

[mahesh-panchal]

Discussion from Slack thread: https://nfcore.slack.com/archives/C043FMKUNLB/p1743470447418089

When running docker containers, either within Nextflow or on the command-line, it would be good practice to run as the user, so outputs are not written out as root user.

docker run --rm -it -u $(id -u):$(id -g) <image>

and

    docker {
        docker.enabled       = true
        docker.runOptions    = '-u $(id -u):$(id -g)'   // <- run as your user. Not root user.
    }

A drop-down box marked as a note, or a callout would also be useful the first time the user runs docker in the lesson. This would explain that docker containers are by default run as the user they were built with (often root user), and therefore the outputs written by the software are also owned by that user. In order to run as the user running the container, one needs to supply the -u option with the argument above.

[mahesh-panchal]

Seems @maxulysse already made something with #558

[mahesh-panchal]

And @ewels brings up a good point. Who's the user in a .devcontainer?

[ewels]

It's variable and annoying I think, which is why we set it to root. Maybe something to do with one user building the base image and another running the environment? It certainly got messy. Running as root in codespaces fixed everything there.

I suspect when we have separate local / codespaces devcontainer configs this is something that we could have as variable between them.

[mahesh-panchal]

Did someone try this? https://stackoverflow.com/a/78621662
Setting the remoteUser.

[mahesh-panchal]

Do we need to use docker? Would Podman be an alternative?