Description
Is your feature request related to a problem? Please describe.
Currently, build/Dockerfile ensures that the default log directory /var/log/nginx can be written to by UID 101 (nginx) and GID 0 (root) in the App Protect image variant. However, in other image variants, this is not being ensured as part of the build process.
UID 101 is used for the container image, and should be allowed.
Proposed changes in #3665 (randomization of UID/GID by OpenShift security policies) require GID 0 to also be allowed.
Describe the solution you'd like
All image variants ensure 101:0 (nginx:root) can write to /var/log/nginx directory.
Describe alternatives you've considered
Either:
- Specifying a policy that writing to the default log directory is not supported.
- Not moving forward with random UID/GID assignment by OpenShift.
Additional context
This is a pre-requisite for smooth implementation of #3544.
In the current context (until the OpenShift UID/GID change), this change is essentially a no-op.
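
A mode-bit check for the requirement stated in this issue, added here as an example and not taken from the issue or the project's Dockerfile. The function names, the dependency on GNU `stat -c` and the sample random UID are assumptions.

```shell
#!/bin/sh
# Added example (not project code): mode-bit check for a log directory.
# Assumes GNU stat (-c); ignores ACLs, supplementary groups and root's DAC override.

# can_write DIR UID GID: return 0 if a process with that UID and primary GID
# may create files in DIR (needs both w and x on the directory).
can_write() {
    cw_dir=$1; cw_uid=$2; cw_gid=$3
    [ -d "$cw_dir" ] || return 2
    cw_info=$(stat -c '%u %g %a' "$cw_dir") || return 2
    set -- $cw_info                      # $1=owner uid, $2=group gid, $3=octal mode
    cw_mode=$((0$3))                     # leading 0 makes the shell parse it as octal
    # The kernel applies exactly one permission class: owner, else group, else other.
    if [ "$cw_uid" -eq "$1" ]; then
        cw_bits=$(( (cw_mode >> 6) & 7 ))
    elif [ "$cw_gid" -eq "$2" ]; then
        cw_bits=$(( (cw_mode >> 3) & 7 ))
    else
        cw_bits=$(( cw_mode & 7 ))
    fi
    [ $(( cw_bits & 3 )) -eq 3 ]         # w (2) and x (1) both set
}

# log_dir_ok DIR [IMAGE_UID] [RANDOM_UID]: both cases from the issue must pass:
# the image's fixed UID 101, and an arbitrary UID that only shares GID 0.
# 1000650000 is a constructed sample of a randomly assigned UID.
log_dir_ok() {
    can_write "$1" "${2:-101}" 0 && can_write "$1" "${3:-1000650000}" 0
}

# Check a directory only when one is given on the command line.
if [ "$#" -gt 0 ]; then
    if log_dir_ok "$1"; then
        echo "$1: writable by 101:0 and by <random>:0"
    else
        echo "$1: NOT writable by both 101:0 and <random>:0"; exit 1
    fi
fi
```

Run inside a built image as `sh check.sh /var/log/nginx` (the script name is a placeholder); a directory owned by 101:0 with mode 0755 fails the second case because the group class lacks write permission.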