fix scaffold gradle lockfile fs access

Author: lowtorola

saturn/pkg/run/python3.go

@@ -164,6 +164,7 @@ func (s *Python3Scaffold) RunMatch() *Step {
 	return &Step{
 		Name: "Run match",
 		Callable: func(ctx context.Context, arg *StepArguments) error {
+			defer s.cleanupContainer(ctx)
 			out, err := s.Scaffold.RunIsolatedCommand(
 				ctx,
 				[]string{},

saturn/pkg/run/scaffold.go

@@ -213,6 +213,8 @@ func (s *Scaffold) initContainer(ctx context.Context) error {
 		ReadOnlyRootFS: true,
 		Mounts: []string{
 			fmt.Sprintf("%s:/workspace:rw", scaffoldHostPath),
+			"tmpfs:/tmp:rw,noexec,nosuid,size=1g",                 // Writable temp directory
+			"tmpfs:/workspace/.gradle:rw,noexec,nosuid,size=512m", // Gradle cache
 		},
 		CapabilitiesToDrop: []string{"ALL"},
 		CapabilitiesToAdd:  []string{"CHOWN", "SETUID", "SETGID", "DAC_OVERRIDE"},