Change USER to UID instead of name to allow Admission Controller to evaluate
This mirrors my PR here - https://github.com/defenseunicorns/zarf/pull/1922
On clusters that strictly enforce no root containers via an Admission Controller, they can't determine that a named user isn't 0 in the container. This changes the container to identify the USER by UID and GID so the admission controller can allow this through.
Chainguard documents the UID and GID of nonroot at https://edu.chainguard.dev/chainguard/chainguard-images/reference/static/overview/#users.
We can simply change the line USER nonroot:nonroot
to USER 65532:65532
. Other references to nonroot
can stay the same.