feat: End Dockerfiles with non-root user

Fixes hadolint rule DL3002.

.hadolint.yaml

@@ -4,6 +4,5 @@
 failure-threshold: warning
 override:
   info:
-    - DL3002
     - DL3006
     - DL3008

base/Dockerfile

@@ -55,3 +55,5 @@ RUN ln -s "$(which python3.11)" /usr/bin/python && \
     python -m venv /opt/.venv && \
     chmod -R 777 /opt/.venv/bin/ && \
     chmod -R 777 /opt/.venv/lib/python3.11/site-packages
+
+USER techuser

capella/Dockerfile

@@ -71,6 +71,8 @@ FROM build_${BUILD_TYPE}
 
 ARG CAPELLA_VERSION
 
+USER root
+
 RUN apt-get update && \
     apt-get install -y \
     libxtst6 \
@@ -157,3 +159,5 @@ COPY startup.sh /startup.sh
 ENTRYPOINT [ "/tini", "--", "/startup.sh" ]
 
 ENV BASE_TYPE=capella
+
+USER techuser

ease/Dockerfile

@@ -109,4 +109,7 @@ RUN chmod +rx /etc/git_askpass.py
 
 COPY startup.sh /opt/startup.sh
 RUN chmod +x /opt/startup.sh
+
+USER techuser
+
 ENTRYPOINT [ "/opt/startup.sh" ]

ease/debug/Dockerfile

@@ -25,3 +25,5 @@ RUN if [ "$NETWORK_ACCESS" = "restricted" ]; then \
     fi && \
     rm -rf /var/lib/apt/lists/* && \
     rm -r /tmp/libs;
+
+USER techuser

eclipse/Dockerfile

@@ -64,3 +64,5 @@ ENV ECLIPSE_INSTALLATION_PATH=/opt/eclipse
 ENV ECLIPSE_EXECUTABLE=/opt/eclipse/eclipse
 
 ENV BASE_TYPE=eclipse
+
+USER techuser

t4c/Dockerfile

@@ -60,4 +60,6 @@ RUN chown techuser /opt/capella/capella.ini && \
 WORKDIR /opt
 ENV BASE_TYPE=t4c
 
+USER techuser
+
 ENTRYPOINT [ "/tini", "--", "/docker_entrypoint.sh" ]