Don't run apps in Docker as root

orchestration/message-queue/Dockerfile

@@ -32,15 +32,19 @@ RUN --mount=type=cache,target=/root/.cargo \
 FROM debian:bookworm-slim as image
 LABEL description="STAGE 2: Copy and Run"
 
-WORKDIR /home/serai
-
-# Copy the Message Queue binary and relevant license
-COPY --from=builder /serai/bin/serai-message-queue /bin/
-COPY --from=builder /serai/AGPL-3.0 .
-
 # Upgrade packages
 RUN apt update && apt upgrade -y
 
+# Switch to a non-root user
+RUN useradd --system --home /home/message-queue --create-home --shell /sbin/nologin messagequeue
+USER messagequeue
+
+WORKDIR /home/message-queue
+
+# Copy the Message Queue binary and relevant license
+COPY --from=builder --chown=messagequeue /serai/bin/serai-message-queue /bin
+COPY --from=builder --chown=messagequeue /serai/AGPL-3.0 .
+
 # Run message-queue
 EXPOSE 2287
 CMD ["serai-message-queue"]