Drop root privileges in container

Through this MR, the image does not run anymore as UID 0, which should improve (perceived) security and remove some nagging by i.e uWSGI.

To be tested:

• If it can be used with the current DB, (may need to chown it to 1000:1000, but please: backup first, test afterwards)

Dockerfile

@@ -4,7 +4,13 @@ FROM python:3.12 AS base
 WORKDIR /app
 EXPOSE 5000
 
+ARG USERNAME="portaluser"
+
 # First, copy and install only the requirements...
+RUN useradd -ms /bin/bash ${USERNAME} && chown -R ${USERNAME}:${USERNAME} /app
+USER ${USERNAME}
+# The modified PATH is needed so that the pipenv executaable is found.
+ENV PATH="$PATH:/home/${USERNAME}/.local/bin"
 RUN pip install --upgrade pip setuptools
 RUN pip install pipenv
 COPY Pipfile.lock .
@@ -13,7 +19,7 @@ RUN pip uninstall --yes pipenv
 RUN pip install -r requirements.txt
 # ... then the rest of the application. This allows the installation stage to be cached most of the time
 # (so we don't have reinstall of all dependencies every time the container is rebuilt)
-COPY . .
+COPY --chown=${USERNAME}:${USERNAME} . .
 
 FROM base AS dev
 ENV SERVER_TYPE=flask