set user to 65532 on distroless images
Hitting the following, which I assume is relevant to all distroless images:

```
Error: failed to create containerd task: OCI runtime create failed: container_linux.go:367: starting container process caused: chdir to cwd ("/home/nonroot") set in config.json failed: permission denied: unknown
```
distroless expects `NONROOT` to be `65532` (here) and will chdir into `/home/nonroot`, but if the container's default user isn't `65532` it fails to chdir on start. We can remedy this by specifying the user through `securityContext.runAsUser`, but would much prefer the default configs to work.
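For anyone hitting this before the defaults are changed, here is the workaround as a full manifest. This is an added example, not part of the issue or of the project's manifests; the Deployment name, labels and image reference are placeholders, and the uid/gid of 65532 is the distroless `nonroot` value quoted above.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-distroless          # hypothetical name
spec:
  replicas: 1
  selector:
    matchLabels:
      app: example-distroless
  template:
    metadata:
      labels:
        app: example-distroless
    spec:
      # Pod-level defaults apply to every container in the pod.
      # Without this block the runtime may start the process as uid 0,
      # and the chdir into /home/nonroot fails as in the error above.
      securityContext:
        runAsUser: 65532             # distroless "nonroot" uid
        runAsGroup: 65532            # distroless "nonroot" gid
        runAsNonRoot: true           # kubelet refuses to start the container if the effective uid is 0
      containers:
      - name: app
        image: registry.example.com/app:distroless   # placeholder image reference
        securityContext:
          allowPrivilegeEscalation: false
```

`runAsNonRoot: true` is the useful guard here: if an image or an override ever causes the container to resolve to uid 0, the kubelet rejects it at admission instead of letting the process start as root and failing later (or, on a non-SELinux host, silently running as root). Since distroless images ship no shell, confirm the effective settings from the pod spec (`kubectl get pod <name> -o jsonpath='{.spec.securityContext}'`) rather than with `kubectl exec`.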
Easiest to reproduce on SELinux-enforcing systems, because without it, distroless will first attempt to run as root, which SELinux will explicitly deny (above error).