Solution to building Docker images without privileged mode

When talking to a company, they expressed concern that our solution to building Docker images required docker-in-docker, which then requires privileged mode. This was a security concern for them, because we also allow arbitrary scripts to run, which is a security concern.

We did mention the ability to segregate via tags the Dockerfile builds to specific runners, but that was not a great solution as it still doesn't remove the script component.

They would prefer a more specific way to build Docker images, without the ability to execute arbitrary scripts. They would instead go buy a different story for this.

Edited May 24, 2017 by silv