## Description
Allows the Appsmith container to run as a non-root user, specified at
runtime through either docker-compose or Kubernetes pod security
context. I didn't specify the user in the `Dockerfile` because
environments like OpenShift choose a user at runtime, so it can't be
known at build time.
This needs to be followed by an update to docs and changes in the Helm
chart to finish it off, but that has a separate release cycle and this
needs to go ahead of that.
Ideally we would run as non-root by default, but since there's data
persisted on the filesystem automatically transitioning the default is
impossible without a lot of pain. This moves us in that direction and
enables it in the future if we go down that path.
Required to fix https://github.com/appsmithorg/appsmith/issues/38787
## Automation
/ok-to-test tags=""
### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results -->
> [!WARNING]
> Tests have not run on the HEAD
50ba745c5bb7709c60ce5194437f921f1a95c980 yet
> <hr>Thu, 15 May 2025 15:56:31 UTC
<!-- end of auto-generated comment: Cypress test results -->
## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [x] No
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added support for user identity emulation when running as a non-root
user, improving compatibility in certain deployment environments.
- Prevented embedded database initialization when running as a non-root
user to ensure proper operation.
- **Chores**
- Installed additional system packages to the base image for enhanced
functionality.
- Optimized image size by consolidating and improving cleanup steps
during the build process.
- Updated base image and refined installation commands for improved
build consistency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2d21717059