Switch to appuser to avoid root

[btlogy]

Depends on #40 and #42
Close #34

The application is still installed via pip as root, but the command run as non-root.
The appuser is created inside the container with uid=1000 and gid=1000 by default.
But one can change those default either:

• by re-building the image with --build-arg uid=...
• or change the user runtime with the env. variable (e.g.: MW_MAILBOX_UID and MW_RELAY_UID)

The later is the option now used to test the image in the workflow because the GH runner used uid=1001.

[btlogy]

@c-chroniko : I've used some of your previous feedback here (for groupadd and useradd).
Hopefully it's a bit more to the point.
Let me know what you think about this.

[c-chroniko]

Do the changes in this PR only address the subject of the request, or does it include other stylistic changes? I'm having trouble going through such a large diff and identifying whether it's successful in its goal.

[btlogy]

Do the changes in this PR only address the subject of the request, or does it include other stylistic changes? I'm having trouble going through such a large diff and identifying whether it's successful in its goal.

My apologies: You are right to think this patche is too big!
This branch his based on 2 others which are not yet in main.
I should have wait for #40 and #42 to be merged before asking a review here.
Or is there a better way to do this?

[btlogy]

@c-chroniko: this comparison is diffing only what this specific PR is about: reworking the Dockerfiles to create the app user+group and adapt the composer and workflow accordingly.

I don't think I can rebase this branch on main w/o braking the build and conflicting other pending PR...

Maybe you can review #40 and then #42 after #40 will be merged?

[btlogy]

Back to draft to avoid further confusion.
Sorry for the mess @c-chroniko

[btlogy]

@c-chroniko : this PR is clean now.
Hopefully way much easier to review :-)
Sorry again.

[c-chroniko]

LGTM