"fatal: detected dubious ownership" during scan

[UlrichEckhardt]

Greetings!

During scanning, there is a disturbing error raised in the output:

composer install --no-scripts --no-progress --no-dev --ignore-platform-reqs
  The repository at "/github/workspace" does not have the correct ownership and git refuses to use it:
  
  fatal: detected dubious ownership in repository at '/github/workspace'
  To add an exception for this directory, call:
  
  	git config --global --add safe.directory /github/workspace
  
  Composer could not detect the root package (tillmannschiffler/simplequeue) version, defaulting to '1.0.0'. See https://getcomposer.org/root-version
  Installing dependencies from lock file
  Verifying lock file contents can be installed on current platform.
  Nothing to install, update or remove
  Generating autoload files

• It seems that this is ignored, but I'm not sure what side-effects it causes. If Git refuses to touch the code, Psalm can't use it to inspect the differences between the current branch and the target, which might explain why it doesn't work as expected (i.e. provide automatic comments on the according places in the source code).
• You could of course adjust the Git configuration to add an exception.
• You could also run the Docker container with --user $(id -u):$(id -g) arguments to make it use the same UID/GID inside the container, which should prevent this.
• At the very least, please document this, so it doesn't confuse people without need.

Thanks!

Uli