Description of feature
Hi @josegonzalez,
I've taken some interest in the security of containers with apps built by Dokku (and Herokuish buildpacks), and it looks like they all require root privileges to run - even though the processes themselves, e.g. node, run with herokuishuser user privileges:

```
herokuishuser:x:32767:32767:,,,,:/app:/bin/bash
```
When I made an investment in "how it works", my test image has as the default command:
```
"Env": [
    "CACHE_PATH=/cache",
    "USER=herokuishuser",
    "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
    "STACK=heroku-22",
    "DEBIAN_FRONTEND=noninteractive"
],
"Cmd": [
    "/build"
],
```
Why is it not the /start command? Run as herokuishuser?
Anyway - the /build command creates a /.basher directory, and then a chown is executed on the /app directory.
Wouldn't it be better if these containers didn't require root permissions? The cases where a process requires a TCP port < 1024 (privileged port) are negligible.
What do you think about this? Is there any contraindication I don't know about that requires root privileges for containers with applications built by Dokku?
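To make the points raised in the issue checkable on any image, here is an added example (not code from Dokku, Herokuish or the issue author) that audits the `Config` section of `docker inspect` output: it reports whether the default command runs as root (an empty `User` field, which is what a missing `USER` directive produces), notes that a `USER=herokuishuser` environment variable is only a hint and drops no privileges, flags a `/build` default command, and checks whether any exposed port is below 1024 (the one case where a non-root user would need `CAP_NET_BIND_SERVICE`). The sample inspect output is constructed: `Env` and `Cmd` mirror the issue, while the `User` and `ExposedPorts` values are assumptions for illustration.

```python
import json

# Constructed sample: the relevant part of `docker inspect <image>` output.
# Env and Cmd are copied from the issue; User and ExposedPorts are assumed.
SAMPLE_INSPECT = json.dumps([{
    "Config": {
        "User": "",
        "Env": [
            "CACHE_PATH=/cache",
            "USER=herokuishuser",
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            "STACK=heroku-22",
            "DEBIAN_FRONTEND=noninteractive",
        ],
        "Cmd": ["/build"],
        "ExposedPorts": {"5000/tcp": {}},
    }
}])


def load_config(inspect_json):
    """Return the Config dict of the first object in `docker inspect` JSON output."""
    return json.loads(inspect_json)[0]["Config"]


def runs_as_root(config):
    """True if the image's USER directive (Config.User) leaves the default command as uid 0.

    Docker accepts "user", "uid", "user:group" or "uid:gid"; an empty string means
    no USER directive was set, which defaults to root.
    """
    user = config.get("User") or ""
    return user.split(":")[0] in {"", "0", "root"}


def env_user(config):
    """Value of the USER= environment variable, if any. This is only a hint to
    the application; it does not change the uid the container process runs as."""
    for entry in config.get("Env") or []:
        key, _, value = entry.partition("=")
        if key == "USER":
            return value
    return None


def privileged_ports(config):
    """Exposed ports below 1024, which need root or CAP_NET_BIND_SERVICE to bind."""
    ports = []
    for spec in config.get("ExposedPorts") or {}:
        number = int(spec.split("/")[0])
        if number < 1024:
            ports.append(number)
    return sorted(ports)


def audit(config):
    """Return a list of human-readable findings about how the image will run."""
    findings = []
    if runs_as_root(config):
        msg = "default command runs as root (no USER directive in Config.User)"
        hint = env_user(config)
        if hint:
            msg += f"; USER env var says '{hint}' but that does not drop privileges"
        findings.append(msg)
    cmd = config.get("Cmd") or []
    if cmd and cmd[0] == "/build":
        findings.append("default command is the build step (/build), not a runtime entrypoint such as /start")
    ports = privileged_ports(config)
    if ports:
        findings.append(f"exposed privileged ports {ports} need root or CAP_NET_BIND_SERVICE")
    else:
        findings.append("no privileged ports exposed: a non-root USER directive would suffice")
    return findings


if __name__ == "__main__":
    for finding in audit(load_config(SAMPLE_INSPECT)):
        print("-", finding)
```

On a real host, replace `SAMPLE_INSPECT` with the output of `docker inspect <image>`; the `runs_as_root` check is the one to act on, since a non-empty `Config.User` is what actually changes the uid of the container's process, whereas the `USER` environment variable only tells the application what to call itself.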