Copying service only on first start breaks TLS certificate replacement

[sbruder]

I use your openldap container, which uses this base image, which recommends using the --copy-service switch to fix permission problems. Since my TLS keys and certificates (on the host) are owned by uid 1000 and slapd runs as uid 999 I need to use that switch.
But because the service is only copied on the container’s first start (https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/run#L373), this makes it impossible to replace the certificates by just restarting the container. To achieve this, the container needs to be removed and created again.

I think the service should be copied on every start of the container. Is this possible or does this break other things?