Feature/maybe nicer dockerfile

What does this PR do?

Three things:

• bring our Dockerfile closer to upstream's
• make sure the container image contains the correct dependencies
• don't run as root

Many thanks to @luna for instigating this investigation.

Bring our Dockerfile closer to upstream's

We really don't need the 3 stages (native build, target build, runner), and I'm pretty sure upstream doesn't need them either (people who actually know Docker can probably correct me here, but I don't think you can run an arm64 image on a x86_64 machine… so BUILDPLATFORM and TARGETPLATFORM can't be that different), so I have not copied that bit.

Also, our images are based on Alpine, upstream's on Debian, and I see no reason to switch.

Still, we can definitely reduce the differences between our Dockerfiles.

Make sure the container image contains the correct dependencies

Our Dockerfile ran pnpm i without the --frozen-lockfile argument, which resulted in the installation of potentially different versions; this was done because after running trim-deps.mjs the lockfile was no longer valid. But pnpm prune fixes that, without touching the versions, so now we can have our dependencies trimmed, and still keep the correct versions.

NOTE: I think trimming deps saves us only about 100KB, so we may just… not do it.

Don't run as root

As a side-effect of staying closer to upstream, we should run as a non-privileged user. Even if root inside the container is not the superuser of the host, it can still read and write everywhere, and Sharkey doesn't need that.

Contribution Guidelines By submitting this merge request, you agree to follow our Contribution Guidelines

• I agree to follow this project's Contribution Guidelines
• I have made sure to test this pull request

NOTE: I have tested that it builds, I have not tested that it runs!!