Image scaling: minimize security impact of scaler proc
For both static and dynamic image scaling, we have honed in on two approaches that end up forking out into a child process that performs the actual scaling logic (using `graphicsmagick`). This can present security issues if that process runs with high enough privileges to do damage to the system. We should look into ways to reduce that process' priviliges to the bare minimum needed to function, and reduce its blast radius should something slip through regardless, e.g. using a [chroot jail](https://en.wikipedia.org/wiki/Chroot) or container.
We should also look to constrain the amount of system resources `gm` consumes such as memory use and thread count.
epic