Make bindfs mapping bidirectional, remove host USER name from env

[Nuru]

REMINDER

This PR fixes an issue with using bindfs to work around file ownership issues caused by running the Docker daemon as root (#594). This support is provided as a courtesy, but the better solution is to run Docker in "rootless" mode, which is done automatically when you use Docker Desktop. Support for running Docker as root should be considered deprecated.

what

• Use bi-directional UID and GUID mapping in bindfs mount of host filesystem
• Remove host username ($USER) from Geodesic environment

why

• To guard against CVE-2022-24765, git checks the ownership of all directories it looks at for configuration, and complains if it finds a directory with a different owner.
• The host's username was injected to support ansible 8 years ago (Add Support for Native USER #65). It was never working properly on Debian due to the different structure of the adduser command on Debian vs Alpine, and should not be necessary now. If it turns out to be needed for some reason, we should develop a more robust solution.

references

• Git vulnerability to configuration injection
• Supersedes and closes fix: handling of user+group creation on Debian #900