
docker image: switch to a new non-root user when started as root

Open arichardson opened this issue 3 years ago • 3 comments

Instead of manually adding a matching user with the docker-adduser cheribuild target, this adds an ENTRYPOINT script to the docker image that automatically creates an unprivileged user. The UID/GID/name can be passed using environment variables (-e flag to docker run).

arichardson avatar Sep 07 '21 14:09 arichardson

I believe this should now be correct.

arichardson avatar Sep 10 '21 11:09 arichardson

My only concern with merging this is that the initial release tarball (which we know some people are using) failed to check out a tag for cheribuild, so it tracks master and prompts people to update, meaning we can't actually make the cheribuild side of the necessary changes to support this because that will break with people's existing docker images. I don't know how we deal with that though because it'll need breaking at some point, and other changes to cheribuild may stop things working with the release's snapshot of repos before then...

jrtc27 avatar Sep 10 '21 11:09 jrtc27

Yes, that is unfortunate. However, these Dockerfile changes should be backwards compatible since they do nothing when --uid is passed to docker.

I'll look into a workaround for the release when I actually make the docker commandline change.

arichardson avatar Sep 10 '21 13:09 arichardson
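The mechanism the PR description sketches (an ENTRYPOINT that, when the container starts as root, creates an unprivileged account from environment variables and re-executes the command as that user) and the backwards-compatibility property claimed in the follow-up (nothing happens when the caller already picked a user) can both be shown in one script. The following is an added example written for this page, not cheribuild's entrypoint: the variable names LOCAL_USER_NAME, LOCAL_USER_ID and LOCAL_GROUP_ID, the use of gosu for the privilege drop, and the decision to refuse uid 0 are all assumptions of this example rather than the project's interface.

```shell
#!/bin/sh
# Added example, not cheribuild's own entrypoint script. Assumed contract: when the
# container starts as root and the caller did not choose a user with `docker run --user`,
# create an unprivileged account from the environment and re-exec the command as it.
set -e

# Defaults for the variables a caller may override with `docker run -e NAME=value`
# (names are this example's assumption).
: "${LOCAL_USER_NAME:=builder}"
: "${LOCAL_USER_ID:=1000}"
: "${LOCAL_GROUP_ID:=$LOCAL_USER_ID}"

# True if $1 is a non-empty string of decimal digits. Values arrive from the
# environment, so they are validated before being spliced into useradd arguments.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Decide what the entrypoint should do for effective uid $1. Prints one word:
#   passthrough  not running as root (e.g. `docker run --user` was given): change nothing
#   switch       root with well-formed ids: create the account and drop privileges
#   reject       root, but an id is malformed or the requested uid is 0
plan_for_uid() {
    if [ "$1" != "0" ]; then
        echo passthrough
    elif is_uint "$LOCAL_USER_ID" && is_uint "$LOCAL_GROUP_ID" \
         && [ "$LOCAL_USER_ID" != "0" ]; then
        echo switch
    else
        echo reject
    fi
}

# Carry out the plan. Group and user are created only if that gid/uid is not already
# present (a base image may ship a uid-1000 user), then the command is exec'd under
# the resulting identity so it becomes PID 1 and receives signals directly.
main() {
    case "$(plan_for_uid "$(id -u)")" in
        passthrough)
            exec "$@" ;;
        reject)
            echo "entrypoint: LOCAL_USER_ID/LOCAL_GROUP_ID must be positive integers" >&2
            exit 1 ;;
        switch)
            if ! getent group "$LOCAL_GROUP_ID" >/dev/null; then
                groupadd -g "$LOCAL_GROUP_ID" "$LOCAL_USER_NAME"
            fi
            if ! getent passwd "$LOCAL_USER_ID" >/dev/null; then
                useradd -m -u "$LOCAL_USER_ID" -g "$LOCAL_GROUP_ID" -s /bin/sh "$LOCAL_USER_NAME"
            fi
            # Use whatever name now owns the uid, in case it pre-existed under another name.
            name=$(getent passwd "$LOCAL_USER_ID" | cut -d: -f1)
            HOME=$(getent passwd "$LOCAL_USER_ID" | cut -d: -f6)
            export HOME
            # gosu is assumed to be installed in the image; it execs without a new session.
            exec gosu "$name" "$@" ;;
    esac
}

# Only act as an entrypoint when invoked under that name; otherwise the functions
# above can be sourced and exercised without root.
case "$0" in
    */entrypoint.sh|entrypoint.sh) main "$@" ;;
esac
```

Installed as /entrypoint.sh with `ENTRYPOINT ["/entrypoint.sh"]` and a `CMD` for the shell, a host user would start it as `docker run -e LOCAL_USER_ID=$(id -u) -e LOCAL_GROUP_ID=$(id -g) ...`, so files written into a bind mount end up owned by the host account. Starting with `docker run --user $(id -u):$(id -g)` instead takes the passthrough branch and the script does nothing, which is the compatibility property the discussion relies on; the cost of that path is that the uid has no passwd entry unless the caller also mounts one.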