[bitnami/clickhouse] feat: :sparkles: :lock: Add readOnlyRootFilesystem support

[javsalgar]

Signed-off-by: Javier Salmeron Garcia [email protected]

Description of the change

This PR performs the necessary changes to enable readOnlyRootFilesystem. This consists of:

• Adding emptyDir directories in all container writable paths
• Update image with one compatible with an emptydir conf folder
• Add runAsGroup

IMPORTANT: In order to avoid potentially breaking changes, this PR sets the readOnlyRootFilesystem value to false.

Benefits

More security in the chart

Possible drawbacks

Potential unforeseen issues with customizations

Applicable issues

• fixes #

Additional information

Checklist

• [x] Chart version bumped in Chart.yaml according to semver. This is not necessary when the changes only affect README.md files.
• [x] Variables are documented in the values.yaml and added to the README.md using readme-generator-for-helm
• [x] Title of the pull request follows this pattern [bitnami/<name_of_the_chart>] Descriptive title
• [x] All commits signed off and in agreement of Developer Certificate of Origin (DCO)