Task
Resolution: Unresolved
ACM 2.9.0
We have security review points from SonarCloud regarding the user our container images run as. Most of our Dockerfiles don't set a `USER` at all, so the container starts as whatever user the base image defaults to, which in many images is root. The same applies to some Dockerfiles whose last stage is built `FROM scratch`: a `USER` set in an earlier build stage does not carry over into a new stage, and since `scratch` has no `/etc/passwd`, the user there has to be given as a numeric UID.
We should always run with an explicit non-root user when possible. It's a common best practice that isn't difficult to implement and provides a great benefit: a compromise of the process doesn't hand the attacker root inside the container, and the image works with `runAsNonRoot: true` pod security settings.
Container images that should be updated to run with a non-root user (UID/GID 1001:1001):
- Metrics collector
- Grafana dashboard loader
- Multicluster Observability operator
- RBAC query proxy
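As an added example (not code from the ACM repositories), the script below lints Dockerfiles for exactly this problem. It locates the final build stage, works out the effective `USER` there, and flags images whose final stage has no non-root user, including the multi-stage case where a builder stage sets `USER` but the final `FROM scratch` stage does not. It also rejects a non-numeric user on `scratch`, which cannot be resolved at container start. The sample Dockerfiles it writes are constructed for illustration; the base images and binary names in them are assumptions, not the project's actual files.

```shell
#!/bin/sh
# Added example, not ACM project code: check that the final stage of each
# Dockerfile sets a non-root USER. A USER in an earlier stage only carries into
# a stage built FROM that named stage; FROM <external image> or FROM scratch
# starts fresh. On scratch there is no /etc/passwd, so the UID must be numeric.
# Usage: sh check-nonroot.sh Dockerfile [Dockerfile ...]  (no args: constructed samples)

# Print "<base> <user>" for the final stage of a Dockerfile (user empty if unset).
final_stage() {
    awk '
        toupper($1) == "FROM" {
            if (name != "") stage_user[name] = user   # remember the stage that just ended
            base = ""; name = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^--/) continue               # skip flags such as --platform=...
                if (base == "") { base = $i; continue }
                if (toupper($i) == "AS" && i < NF) { name = $(i + 1); break }
            }
            # A stage built FROM an earlier named stage inherits its USER; an external
            # base image is treated as unknown, so the USER must be set explicitly.
            user = (base in stage_user) ? stage_user[base] : ""
        }
        toupper($1) == "USER" { user = $2 }
        END { printf "%s %s\n", base, user }
    ' "$1"
}

# check_dockerfile FILE -> 0 ok, 1 root or no USER in final stage, 2 non-numeric UID on scratch
check_dockerfile() {
    f=$1
    set -- $(final_stage "$f")      # word-split into base and user
    base=${1:-}; user=${2:-}
    uid=${user%%:*}                 # "1001:1001" -> "1001"
    case "$uid" in
        ""|0|root)
            echo "FAIL $f: final stage (FROM $base) has no non-root USER"
            return 1 ;;
    esac
    case "$uid" in
        *[!0-9]*)
            if [ "$base" = "scratch" ]; then
                echo "FAIL $f: scratch has no /etc/passwd, USER must be numeric (got '$user')"
                return 2
            fi
            # Named users resolve on images with /etc/passwd, but the kubelet cannot
            # prove them non-root when a pod sets runAsNonRoot: true.
            echo "WARN $f: USER '$user' is not numeric; prefer a UID such as 1001:1001" ;;
    esac
    echo "OK   $f: final stage (FROM $base) runs as USER $user"
    return 0
}

# Constructed sample Dockerfiles (base images and binaries are illustrative).
write_samples() {
    dir=$1
    # No USER at all: runs as whatever the base image defaults to, often root.
    printf '%s\n' 'FROM registry.access.redhat.com/ubi9/ubi-minimal:latest' \
        'COPY metrics-collector /usr/local/bin/' \
        'ENTRYPOINT ["/usr/local/bin/metrics-collector"]' > "$dir/no-user.Dockerfile"
    # Builder sets USER, but the final scratch stage starts fresh: still root.
    printf '%s\n' 'FROM golang:1.20 AS builder' 'USER 1001' 'WORKDIR /src' 'COPY . .' \
        'RUN CGO_ENABLED=0 go build -o /rbac-query-proxy .' \
        'FROM scratch' 'COPY --from=builder /rbac-query-proxy /rbac-query-proxy' \
        'ENTRYPOINT ["/rbac-query-proxy"]' > "$dir/scratch-root.Dockerfile"
    # The fix: a numeric non-root UID:GID in the final stage.
    printf '%s\n' 'FROM golang:1.20 AS builder' 'WORKDIR /src' 'COPY . .' \
        'RUN CGO_ENABLED=0 go build -o /rbac-query-proxy .' \
        'FROM scratch' 'COPY --from=builder /rbac-query-proxy /rbac-query-proxy' \
        'USER 1001:1001' 'ENTRYPOINT ["/rbac-query-proxy"]' > "$dir/scratch-fixed.Dockerfile"
    # A named user on scratch cannot be looked up when the container starts.
    printf '%s\n' 'FROM scratch' 'COPY app /app' 'USER app' 'ENTRYPOINT ["/app"]' \
        > "$dir/scratch-named.Dockerfile"
}

SAMPLE_DIR=$(mktemp -d)
write_samples "$SAMPLE_DIR"
[ "$#" -gt 0 ] || set -- "$SAMPLE_DIR"/*.Dockerfile
STATUS=0
for f in "$@"; do check_dockerfile "$f" || STATUS=1; done
# STATUS is 1 if any file failed; exit with it when using this as a CI gate.
```

For an image that is already built, `docker inspect --format '{{.Config.User}}' <image>` (or the same with `podman`) prints the configured user; an empty result means the container will start as root unless the runtime or the pod spec overrides it.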