feat: add non-root user to own files and execute processes in Dockerfile (#8888) (#8889)

Co-authored-by: bqbn <[email protected]>

Author: Archaeopteryx

docker/Dockerfile

@@ -41,5 +41,11 @@ RUN python manage.py collectstatic --noinput
 # since they are instead generated by webpack.
 RUN python -m whitenoise.compress .build
 
+RUN groupadd --gid 9500 treeherder && \
+    useradd --uid 9500 --gid 9500 --no-create-home --shell /bin/sh treeherder && \
+    chown -R treeherder:treeherder /app
+
+USER treeherder
+
 ENTRYPOINT ["/bin/bash", "/app/docker/entrypoint_prod.sh"]
 CMD ["web"]