security: run services as non-root user (RSTUF-CR-25-111) #919

Open: Dev10-sys wants to merge 5 commits into repository-service-tuf:main from Dev10-sys:fix/non-root-security-859
@Dev10-sys

This change updates the API container to run as a non-root user instead of root.

Changes:

  • Added a non-root user (UID 1000) in the Dockerfile
  • Updated file and directory permissions for non-root execution
  • Moved the service to port 8080 to avoid privileged ports
  • Ensured uvicorn runs as a non-root user

This change is part of the security audit hardening to ensure services do not run as privileged users.

Fixes #859
Related to #852
RSTUF-CR-25-111
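
A check a reviewer could run in CI against the hardening steps listed in the description above. This is an added example, not code from this pull request or from the project: the `audit_dockerfile` helper, both sample Dockerfiles, the base image and the `app:app` module path are constructed for illustration.

```python
import re

def audit_dockerfile(text):
    """Return findings about root execution and privileged ports in the final stage."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)  # fold backslash line continuations
    stage = []
    for raw in joined.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        instr, _, arg = line.partition(" ")
        if instr.upper() == "FROM":
            stage = []  # each stage starts over with the base image's default user
        stage.append((instr.upper(), arg.strip()))

    findings = []
    users = [arg for instr, arg in stage if instr == "USER"]
    if not users:
        findings.append("no USER in final stage: runs as the base image default (usually root)")
    elif users[-1].split(":")[0] in ("root", "0"):
        findings.append("final USER is root")
    for instr, arg in stage:
        if instr == "EXPOSE":
            ports = [p.split("/")[0] for p in arg.split()]
        elif instr in ("CMD", "ENTRYPOINT"):
            # Matches shell form (--port 80, --port=80) and exec form ("--port", "80").
            ports = re.findall(r"--port[\"',=\s]+(\d+)", arg)
        else:
            continue
        for port in ports:
            if port.isdigit() and int(port) < 1024:
                findings.append(f"{instr} uses privileged port {port}")
    return findings

# Constructed samples, not the project's Dockerfile.
BEFORE = """\
FROM python:3.12-slim
WORKDIR /app
COPY . /app
EXPOSE 80
CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "80"]
"""
AFTER = """\
FROM python:3.12-slim
RUN useradd --uid 1000 --create-home app
WORKDIR /app
COPY --chown=1000:1000 . /app
USER 1000
EXPOSE 8080
CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "8080"]
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_dockerfile(text) or "ok")
```

Only the last `USER` of the final stage is checked, so a `USER` set in an earlier build stage does not count as hardening the runtime image.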

@kairoaraujo kairoaraujo added the WIP/Don't Merge Still in WIP label Apr 6, 2026
@codecov

codecov Bot commented Apr 6, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.51%. Comparing base (25928b7) to head (da5cacb).
⚠️ Report is 245 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #919      +/-   ##
==========================================
- Coverage   98.97%   97.51%   -1.47%     
==========================================
  Files          14       16       +2     
  Lines         588      765     +177     
==========================================
+ Hits          582      746     +164     
- Misses          6       19      +13     

@kairoaraujo

Member

Do not merge it yet.
Approving to see if it breaks the Functional Tests.

Signed-off-by: Dev10-sys <kalpanagola9897@gmail.com>
@Dev10-sys Dev10-sys force-pushed the fix/non-root-security-859 branch from f6033e0 to 6ad188b Compare April 6, 2026 18:31