Improve container security

Investigate tightening up container security, looking into Docker's new hardened images as well as Chainguard.

One thing to consider for the web app container - can we still run the scripts required to generate single-use login URLs?