Docker: run as non-root user, use venv

1. Run as non-elevated user by default
2. Install scancodeio in venv
3. Make it possible to set up UNAME/UID/GID on buildtime
4. Move scancodeio from /app to /opt to be more in-line with:
https://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html
5. Set cache to /tmp as it is disposable after build
6. Upgrade pip to have less red in build log

Resolves nexB#260
Resolves nexB#399

Signed-off-by: Alexander Mazuruk <a.mazuruk@samsung.com>

Dockerfile

@@ -22,7 +22,12 @@
 
 FROM python:3.9
 
-WORKDIR /app
+ARG UNAME=scancodeio
+ENV UNAME=$UNAME
+ARG UID=1001
+ENV UID=$UID
+ARG GID=1001
+ENV GID=$GID
 
 ENV PYTHONUNBUFFERED 1
 ENV PYTHONDONTWRITEBYTECODE 1
@@ -48,11 +53,22 @@ RUN apt-get update \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
-RUN mkdir -p /var/scancodeio/static/ \
- && mkdir -p /var/scancodeio/workspace/
+RUN mkdir -p /opt/scancodeio/ \
+             /var/scancodeio/static/ \
+             /var/scancodeio/workspace/
 
+RUN groupadd --gid ${GID} --non-unique ${UNAME}} \
+ && useradd --no-create-home --uid ${UID} --gid ${GID} --non-unique ${UNAME} \
+ && chown -R ${UID}:${GID} /var/scancodeio/ /opt/
+
+WORKDIR /opt/scancodeio/
 # Keep the dependencies installation before the COPY of the app/ for proper caching
-COPY setup.cfg setup.py /app/
-RUN pip install .
+COPY --chown=${UID}:${GID} setup.cfg setup.py /opt/scancodeio/
+USER ${UNAME}
+RUN python -m venv .
+ENV PATH="/opt/scancodeio/bin:$PATH"
+RUN export PIP_CACHE_DIR=/tmp \
+ && pip install --upgrade pip \
+ && pip install .
 
-COPY . /app
+COPY --chown=${UID}:${GID} . /opt/scancodeio/