Configure the Dockerfile to run the application as a non-root user. (#202)

<!-- Provide a brief summary of your changes -->
run the application as a non-root user.
## Motivation and Context
<!-- Why is this change needed? What problem does it solve? -->
run the application as a non-root user.

## How Has This Been Tested?
<!-- Have you tested this in a real application? Which scenarios were
tested? -->
YES, build the docker image.

## Types of changes
<!-- What types of changes does your code introduce? Put an `x` in all
the boxes that apply: -->
- [x] New feature (non-breaking change which adds functionality)


## Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply. -->
- [ ] I have read the [MCP
Documentation](https://modelcontextprotocol.io)
- [ ] My code follows the repository's style guidelines
- [ ] New and existing tests pass locally
- [ ] I have added appropriate error handling
- [ ] I have added or updated documentation as needed

## Additional context
<!-- Add any other context, implementation notes, or design decisions
-->

Co-authored-by: hurricane1988 <[email protected]>
Co-authored-by: adam jones <[email protected]>

Author: 3 people

Dockerfile

@@ -9,6 +9,20 @@ WORKDIR /app
 COPY --from=builder /build/registry .
 COPY --from=builder /app/data/seed.json /app/data/seed.json
 COPY --from=builder /app/internal/docs/swagger.yaml /app/internal/docs/swagger.yaml
+
+# Create a non-privileged user that the app will run under.
+# See https://docs.docker.com/go/dockerfile-user-best-practices/
+ARG UID=10001
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/nonexistent" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    appuser
+
+USER appuser
 EXPOSE 8080
 
 ENTRYPOINT ["./registry"]