@Hoekstraa Hoekstraa commented Jan 2, 2026

Hi!

I made some adjustments to the Dockerfile to do the following:

  • Switch to an Alpine build image (~9 MiB vs ~103 MiB) for faster pulls on initial build
  • Remove install step in build container, as curl isn't used at all
  • Use a distroless container image, decreasing the size and security profile of the resulting image (~420 vs ~700 MiB)
  • Update to a newer LTS release for the JRE
  • Make the image nonroot

The last one is the primary motivator. Making the image non-root improves the security profile of the image, and allows it to run in stricter k8s namespaces (tested) and should now also function in OpenShift (untested, see [1]). I believe this is important as these images might be exposed to the internet and as such should have basic security precautions taken.

As this change makes the container run with fewer privileges, users who run this container in a 'rootful' manner may need to adjust permissions on the (contents of) their user data volume.

[1]: For ownership of /app/, the GID is set to 0, instead of the user's group, to be able to deal with the random user ID assignment strategy OpenShift applies: "The Container user is always a member of the root group, so it can read or write files accessible by GID=0" (A Guide to OpenShift and UIDs, W. C. Babilonia)
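The Dockerfile below is an added illustration of the five points in the description, not the PR's own diff or the project's actual Dockerfile. The base images (`eclipse-temurin:21-jdk-alpine`, `gcr.io/distroless/java21-debian12:nonroot`), the Maven wrapper build command, the jar name, the `/app/data` volume path and the port are assumptions; the distroless `nonroot` user's UID of 65532 and the GID 0 ownership scheme from footnote [1] are the only values carried over from what the page states or from the images themselves.

```dockerfile
# Added example (not the PR's Dockerfile). Image tags, paths and the build
# command are assumptions; only the nonroot user and GID-0 ownership follow
# the PR description.

# ---- build stage: Alpine-based JDK; nothing extra (no curl) is installed ----
FROM eclipse-temurin:21-jdk-alpine AS build
WORKDIR /src
# Assumed: a Maven wrapper project whose build produces target/*.jar.
COPY . .
# Stage the runtime files in the builder, where a shell exists, so that
# ownership and modes can be fixed before the copy into distroless.
# Owner 65532 is the distroless "nonroot" UID; group 0 (root) lets
# OpenShift's randomly assigned UID, always a member of GID 0, read and
# write the same files.  g=u gives the group the owner's permissions.
RUN ./mvnw -q -DskipTests package \
 && mkdir -p /staging/app/data \
 && cp target/*.jar /staging/app/app.jar \
 && chown -R 65532:0 /staging/app \
 && chmod -R g=u /staging/app

# ---- runtime stage: distroless JRE (LTS), no shell, no package manager ----
FROM gcr.io/distroless/java21-debian12:nonroot
# --chown with numeric ids needs no /etc/passwd lookup in the target image;
# file modes set in the build stage are preserved by COPY.
COPY --from=build --chown=65532:0 /staging/app /app
WORKDIR /app
# The :nonroot tag already defaults to this user; stated explicitly so the
# image never falls back to root if the tag changes.
USER 65532:0
# Assumed application port and user-data mount point.
EXPOSE 8080
VOLUME ["/app/data"]
ENTRYPOINT ["java", "-jar", "/app/app.jar"]
```

Two checks worth running before publishing an image built this way: `docker run --rm <image> id`-style checks are impossible in distroless (no shell), so verify the user with `docker inspect --format '{{.Config.User}}' <image>` and expect `65532:0`; and mount an existing data directory read-write to confirm the caveat above, since a volume previously populated as UID 0 without group write will now fail with permission errors until its mode or ownership is adjusted on the host.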
