Follow-up from "Draft: Cleanup pipeline and at non-root user"

The following discussion from !233 (merged) should be addressed:

  • @timofurrer started a discussion: (+4 comments)

    I certainly like this change to run as non-root user - However, I'm kinda worried about the breaking change effects of this 🤔 After all, we have recipes in our docs on how to add tooling to the image - which wouldn't work after this change.

    I wonder if it would make sense to provide an additional image variant with the non-root user and make that the default (for security reasons) with %17.0 (and maybe offer a root variant)?

    @MindTooth WDYT?

Look into creating a non-root image for running gitlab-terraform.


Example Dockerfile from the original merge request:

```dockerfile
ARG BASE_IMAGE

FROM $BASE_IMAGE

ARG TARGETARCH

ARG TERRAFORM_BINARY_VERSION

ARG UID=1000

RUN apk add --no-cache \
  curl \
  gcompat \
  git \
  idn2-utils \
  jq \
  openssh

# Create the unprivileged user the image runs as (-D: no password is assigned)
RUN adduser \
  -u "$UID" \
  -D \
  terraform

WORKDIR /tmp

RUN ( curl -sLo terraform.zip "https://releases.hashicorp.com/terraform/${TERRAFORM_BINARY_VERSION}/terraform_${TERRAFORM_BINARY_VERSION}_linux_${TARGETARCH}.zip" && \
      unzip terraform.zip && \
      rm terraform.zip && \
      mv ./terraform /usr/local/bin/terraform \
    ) && terraform --version

WORKDIR /

COPY src/bin/gitlab-terraform.sh /usr/bin/gitlab-terraform
RUN chmod +x /usr/bin/gitlab-terraform

# Drop root: later build steps and the running container use the terraform user
USER terraform

# Override ENTRYPOINT since hashicorp/terraform uses `terraform`
ENTRYPOINT []
```

Note the `RUN adduser` and `USER terraform` lines.

Edited by Birger Johan Nordølum
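
The trade-off discussed above, as an added example that is not part of the original issue or merge request: on a non-root base image, a recipe that adds tooling has to switch to `USER root` for the install and then back to `USER terraform`, and a small static check can catch recipes that forget the second step. The image name `registry.example/gitlab-terraform:nonroot`, the `python3` package and the function names are hypothetical; the check assumes the base image runs as root unless the inherited user is passed as an argument, and that every stage builds on that same base.

```shell
#!/bin/sh
# Static check: which user does the final stage of a Dockerfile (stdin) run as?
# $1 = user inherited from the base image (assumption: root when omitted).
final_user() {
  awk -v base="${1:-root}" '
    BEGIN      { user = base }
    /^[ \t]*#/ { next }                              # comment lines
    cont       { cont = ($0 ~ /\\[ \t]*$/); next }   # inside a continued instruction
               { cont = ($0 ~ /\\[ \t]*$/) }
    toupper($1) == "FROM" { user = base }            # new stage starts as the inherited user
    toupper($1) == "USER" { user = $2 }
    END        { sub(/:.*/, "", user); print user }  # drop an optional ":group"
  '
}

# Succeeds only when the final user is known and is not root.
runs_as_nonroot() {
  u=$(final_user "$@")
  case "$u" in
    ''|root|0|\$*) return 1 ;;   # root, or an unresolved build variable
    *)             return 0 ;;
  esac
}

# Constructed sample: the user-related lines of the Dockerfile on this page.
BASE_DOCKERFILE='FROM $BASE_IMAGE
RUN adduser \
  -u "$UID" \
  -D \
  terraform
USER terraform
# Override ENTRYPOINT since hashicorp/terraform uses `terraform`
ENTRYPOINT []'

# Constructed downstream recipes (image name and package are hypothetical).
RECIPE_OK='FROM registry.example/gitlab-terraform:nonroot
USER root
RUN apk add --no-cache python3
USER terraform'
RECIPE_LEFT_ROOT='FROM registry.example/gitlab-terraform:nonroot
USER root
RUN apk add --no-cache python3'

report() {  # report <label> <dockerfile text> [inherited user]
  if printf '%s\n' "$2" | runs_as_nonroot "$3"; then echo "PASS $1"
  else echo "FAIL $1 (root or unresolved user)"; fi
}
report base "$BASE_DOCKERFILE"
report recipe-ok "$RECIPE_OK" terraform
report recipe-left-root "$RECIPE_LEFT_ROOT" terraform
```

The same functions can gate a CI job by piping the real Dockerfile into `runs_as_nonroot` and failing the job on a non-zero exit status.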