Do not run as root inside the containers

It seems to be best practice nowadays to let services inside a container be run with user priviliges, as that - even when the container has no out-of-the-box capabilities to escape it like a docker socket - slightly reduces the attack surface. We could switch to non-root easily but will have to ``chmod`` the ``api-data`` directory in the process during upgrade. 