Running docker containers as non-root user

[tettaji]

What this PR does / why we need it:
I've added a user to the controller and ingress-shim Dockerfiles. The processes don't need root access so I figured I might as well limit it.

Run cert-manager container as a non root user

[munnerz]

My only concern here is around glog attempting to write a log file to disk (which we don't want it to do anyway, but I know it sometimes does bad things, because glog is bad 🙃)

/ok-to-test

[tettaji]

That's a good point, I didn't test myself with logfiles enabled so that might fail.

[tettaji]

/retest

[euank]

@munnerz By default, glog logs in /tmp, and that should be an o+rwx directory, so I don't think it should cause issues. Even in a scratch container I think docker mounts a tmpfs with appropriate permissions there.

If a user configures the log-dir away from default, it seems reasonable to also expect them to correctly permission it.

[munnerz]

/retest

[tettaji]

/retest

[tettaji]

What's up with your 1.9 environment?

[kragniz]

/test e2e v1.9

[munnerz]

We were hitting some issues relating to Helm timeouts (see #429)

/lgtm
/approve

[jetstack-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: munnerz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [munnerz]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[retest-bot]

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to jetstack).
Review the full test history for this PR.
Silence the bot with an /lgtm cancel comment for consistent failures.