tako
Derive and set pod security policies as best practice
Consider Dockerfile UID/GID extraction for automated workload pod security policy configuration or, when that is not possible, default to the nobody UID/GID with a relevant message to the user with suggestions.
These could be instructions on how to define and use a non-root user/group, or how to migrate to another base image that supports that model out of the box.
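A sketch of the extraction and fallback described above, added here as an example and not taken from the tako code base. The function names, the message wording, the use of 65534 as the nobody UID/GID, and the choice to emit `runAsNonRoot`/`runAsUser`/`runAsGroup` securityContext fields are assumptions of this example.

```python
import re

NOBODY = 65534  # assumption: conventional "nobody" UID/GID on common Linux base images
HINT = ("declare a numeric non-root 'USER <uid>:<gid>' in the final stage, "
        "or migrate to a base image that ships a non-root user")

def final_stage_user(dockerfile):
    """Return the argument of the last USER instruction in the final build stage."""
    user = None
    text = re.sub(r"\\[ \t]*\n", " ", dockerfile)  # join line continuations
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].upper() == "FROM":
            user = None  # each stage starts as its base image's user, unknown here
        elif parts[0].upper() == "USER" and len(parts) == 2:
            user = parts[1].strip()
    return user

def derive_security_context(dockerfile):
    """Map Dockerfile USER to securityContext fields plus messages for the user."""
    user = final_stage_user(dockerfile)
    uid_s, _, gid_s = (user or "").partition(":")
    uid = int(uid_s) if uid_s.isdecimal() else None
    gid = int(gid_s) if gid_s.isdecimal() else None
    messages = []
    if user is None:
        reason = "no USER instruction in the final stage"
    elif uid == 0 or uid_s == "root":
        reason = "the image runs as root"
    elif uid is None:
        reason = f"USER {user!r} is a name or variable, not resolvable without the image"
    else:
        reason = None
    if reason:
        uid = gid = NOBODY
        messages.append(f"{reason}; defaulting to nobody ({NOBODY}:{NOBODY}); {HINT}")
    elif gid is None:
        gid = NOBODY  # this example's policy choice when no numeric group is given
        messages.append(f"no numeric group in USER {user!r}; using GID {NOBODY}; {HINT}")
    return {"runAsNonRoot": True, "runAsUser": uid, "runAsGroup": gid}, messages

# Constructed sample: multi-stage build where only the final stage's USER counts.
SAMPLE = """FROM golang:1.21 AS build
USER root
RUN go build -o /app .
FROM alpine:3.19
COPY --from=build /app /app
USER 10001:10001
"""

if __name__ == "__main__":
    print(derive_security_context(SAMPLE))
```

A final stage built `FROM` an earlier named stage would inherit that stage's user; this sketch does not track that and falls back to nobody in that case.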