Run opengrok image as non root user

[jkjha]

We primarily utilize the opengrok container in its default configuration, with specific adjustments related to memory and thread settings: https://github.com/oracle/opengrok/blob/master/docker/README.md.

Presently, the container is deployed within one of our Kubernetes (k8s) clusters, where it doesn't have any issues with opengrok container running as root. However, a recent requirement has emerged, prompting the need to migrate the instance to a more secure k8s cluster. Unfortunately, this new cluster imposes restrictions against allowing the root user inside the container, resulting in the following error:

Running version 1.12.12
Synchronization period = 240 minutes
Deploying web application
Traceback (most recent call last):
  File "/scripts/start.py", line 679, in <module>
    main()
  File "/scripts/start.py", line 532, in main
    deploy(logger, url_root)
  File "/scripts/start.py", line 200, in deploy
    deploy_war(
  File "/usr/local/lib/python3.10/dist-packages/opengrok_tools/deploy.py", line 123, in deploy_war
    copyfile(source_war, target_war)
  File "/usr/lib/python3.10/shutil.py", line 256, in copyfile
    with open(dst, 'wb') as fdst:
PermissionError: [Errno 13] Permission denied: '/usr/local/tomcat/webapps/ROOT.war'

From a high-level perspective, creating a new user inside the container to meet opengrok's existing functionalities appears to be a complex task. However, we would appreciate your guidance in understanding the challenges involved if we decide to transition to a non-root user or if it's even possible with the current version of the opengrok container.

[vladak]

#3756 was filed to change this, contains some related discussion.