`worker/Dockerfile` creates the `scaleplex` user (uid 1000) but never switches to it — the container's default runtime user is root. Compose (`user: "1000:100"`) and k8s (`securityContext`) override this at the orchestration layer, so prod already runs non-root, but the image default is root.
Pre-existing pattern (the VAAPI Dockerfile had the same root-default + orchestration-override shape; PR #61, feat(worker): NVIDIA dialect (Phase 1 PR #2), only changed the base image, not the `USER` behavior). Orthogonal to the NVIDIA dialect work.
Interacts with `setcap cap_perfmon=ep` on the agent binary: file caps only matter for non-root processes, and the cap must be in the container's bounding set (compose adds `cap_add: PERFMON`, k8s adds it to the `securityContext`). Switching the image default to non-root needs validation that the i915 PMU reader (Intel) + NVML reader (NVIDIA) still get the cap on exec — must test on BOTH backends before shipping.
Needs a live boot test on Intel (k8s DaemonSet) + NVIDIA (skw-d-frank) to confirm GPU device access (render group / CDI nodes) still works as uid 1000 baked into the image vs injected by the orchestrator.
### Finding (CodeRabbit on PR #61)

`worker/Dockerfile` creates the `scaleplex` user (uid 1000) but never switches to it — the container's default runtime user is root. Compose (`user: "1000:100"`) and k8s (`securityContext`) override this at the orchestration layer, so prod already runs non-root, but the image default is root.

### Proposed (defense-in-depth)

```diff
 RUN FONTCONFIG_FILE=/opt/scaleplex/fonts.conf fc-cache -f -v 2>&1 | tail -3
+USER scaleplex
 ENTRYPOINT ["/usr/bin/tini","--","/usr/local/bin/scaleplex-agent"]
```

### Why deferred from PR #61

`setcap cap_perfmon=ep` on the agent binary: file caps only matter for non-root processes, and the cap must be in the container's bounding set (compose adds `cap_add: PERFMON`, k8s adds it to the `securityContext`). Switching the image default to non-root needs validation that the i915 PMU reader (Intel) + NVML reader (NVIDIA) still get the cap on exec — must test on BOTH backends before shipping.

### Refs

- `feedback_pvc_workloads_off_gpu_workers` (the uid/gid posture)
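An added check for the validation step described above (example script, not part of this issue or of the scaleplex project): run inside the worker container, it confirms the three conditions the file cap depends on, namely a non-root uid, CAP_PERFMON in the bounding set, and `cap_perfmon` still effective on the agent binary. The binary path is assumed from the ENTRYPOINT in the proposed snippet; CAP_PERFMON's number (38) is the kernel's.

```shell
#!/usr/bin/env bash
# Runtime posture check for the worker container. Added example, not project code.
# It verifies the three conditions the issue ties together:
#   1. the process is not root (file caps on the binary only matter for non-root),
#   2. CAP_PERFMON is in the bounding set (cap_add: PERFMON / securityContext),
#   3. the agent binary carries cap_perfmon with the effective bit (setcap cap_perfmon=ep).
# Assumption: the binary path is taken from the ENTRYPOINT shown in the issue.

CAP_PERFMON=38   # capability number from <linux/capability.h> (kernel >= 5.8)
AGENT_BIN="${AGENT_BIN:-/usr/local/bin/scaleplex-agent}"

# cap_in_mask HEXMASK CAPNUM: succeed when bit CAPNUM is set in a /proc CapXxx hex mask
cap_in_mask() {
    local value
    value=$(printf '%d' "0x$1")
    [ $(( (value >> $2) & 1 )) -eq 1 ]
}

# bounding_set_mask [STATUSFILE]: print the CapBnd mask (default: this process)
bounding_set_mask() {
    awk '/^CapBnd:/ { print $2 }' "${1:-/proc/self/status}"
}

# file_has_effective_perfmon BIN: succeed when getcap lists cap_perfmon with the 'e' flag
file_has_effective_perfmon() {
    getcap "$1" 2>/dev/null | grep 'cap_perfmon' | grep -Eq '[=+][a-z]*e'
}

# check_posture: run all three checks, print one line per check, return 1 if any fails
check_posture() {
    local rc=0
    if [ "$(id -u)" -eq 0 ]; then
        echo "FAIL: running as root; the file cap on $AGENT_BIN is irrelevant for root"; rc=1
    else
        echo "ok: uid $(id -u)"
    fi
    if cap_in_mask "$(bounding_set_mask)" "$CAP_PERFMON"; then
        echo "ok: CAP_PERFMON in bounding set"
    else
        echo "FAIL: CAP_PERFMON missing from bounding set (cap_add: PERFMON / capabilities.add)"; rc=1
    fi
    if file_has_effective_perfmon "$AGENT_BIN"; then
        echo "ok: $AGENT_BIN has cap_perfmon effective"
    else
        echo "FAIL: $AGENT_BIN lacks cap_perfmon=ep (setcap not applied or lost on copy)"; rc=1
    fi
    return "$rc"
}
[ "${1:-}" = "--check" ] && check_posture
```

Invoke as `bash posture.sh --check` inside the container on both the Intel and NVIDIA backends; a non-zero exit means one of the three conditions the deferral note lists does not hold.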