feat(docker): Create non-root clp-user; Move USER and ENV directives after flattening (fixes #1379); Reduce layers using multi-line ENV (fixes #1378).

tools/docker-images/clp-package/Dockerfile

@@ -1,7 +1,5 @@
 FROM ubuntu:jammy AS base
 
-WORKDIR /root
-
 COPY ./tools/docker-images/clp-package/setup-scripts ./setup-scripts
 RUN ./setup-scripts/install-prebuilt-packages.sh \
     && rm -rf ./setup-scripts/
@@ -10,15 +8,18 @@ RUN ./setup-scripts/install-prebuilt-packages.sh \
 RUN apt-get clean \
     && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
-ENV CLP_HOME="/opt/clp"
-ENV PATH="${CLP_HOME}/bin:${PATH}"
-ENV PATH="${CLP_HOME}/sbin:${PATH}"
-ENV PYTHONPATH="${CLP_HOME}/lib/python3/site-packages"
-
-USER 1000:1000
-
-COPY ./build/clp-package /opt/clp
-
 # Flatten the image
 FROM scratch
 COPY --from=base / /
+
+ENV CLP_HOME="/opt/clp"
+COPY ./build/clp-package ${CLP_HOME}
+
+ENV PATH="${CLP_HOME}/bin:${PATH}"
+ENV PATH="${CLP_HOME}/sbin:${PATH}" \
+    PYTHONPATH="${CLP_HOME}/lib/python3/site-packages" \
+    USER="clp-user"
+
+RUN useradd --uid 1000 --shell /bin/bash --home-dir ${CLP_HOME} ${USER}
+USER ${USER}
+WORKDIR ${CLP_HOME}