Support for non-root uids

For my use case, I'd prefer to run the contained process as a non-root user inside the container - partly to avoid confusing programs not expecting to be root, but mainly to reduce privilege (no access to my own data, as it wouldn't be my main uid outside the container anymore).

I believe this would mean mapping at least one more uid (so that the root user can still be used to mount filesystems, and then switch to a less privileged uid), and in turn this means relying on the newuidmap (and newgidmap) setuid program which uses /etc/subuid.

If you'd be willing to include the feature, I'd probably be interested in working on it.