Fix application files/runtime permissions scheme
Introduces new lives configuration that provides the name/UID/GID of
the user that will own application files and installed dependencies.
This new configuration is distinct from runs in that the former
determines application file location ownership and the latter now only
determines runtime process ownership. Default configuration has also
been introduced for both config sections.
In addition to the new configuration, a new build.CopyAs instruction
has been introduced that ensures correct UID/GID ownership of files
copied into the container image, and all unqualified build.Copy
instructions are wrapped by the new build.CopyAs instruction using the
UID/GID appropriate for the current build phase. A new build.User
instruction is also introduced and injected into the build at the start
of certain phases to enforce ownership of build.Run processes.
This effective process/file ownership model is:
PhasePrivileged - "root"
PhasePrivilegedDropped - lives.as
PhasePreInstall - lives.as
PhaseInstall - lives.as
PhasePostInstall - runs.as
Test Plan: Run go test ./....
Reviewers: thcipriani, hashar, demon, Release-Engineering-Team
Reviewed By: thcipriani, Release-Engineering-Team
Maniphest Tasks: T187372
Differential Revision: https://phabricator.wikimedia.org/D984
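The phase-to-owner model described in the commit message, as an added Go illustration (a hypothetical model written for this page, not Blubber's own types or API): lives owns files, runs owns the process, and an unqualified copy is always rendered with the phase owner's UID/GID.

```go
package main

import "fmt"

// Hypothetical model of the ownership scheme; not Blubber's own code.
type Phase int

const (
	PhasePrivileged Phase = iota
	PhasePrivilegedDropped
	PhasePreInstall
	PhaseInstall
	PhasePostInstall
)

// User is a name/UID/GID triple, as in the lives and runs config sections.
type User struct {
	As       string
	UID, GID int
}

// Config keeps the two identities apart: lives owns files, runs owns the process.
type Config struct{ Lives, Runs User }

var root = User{As: "root", UID: 0, GID: 0}

// OwnerFor returns the identity that owns files copied and processes run
// in phase p, following the phase table in the commit message.
func OwnerFor(cfg Config, p Phase) User {
	switch p {
	case PhasePrivileged:
		return root
	case PhasePostInstall:
		return cfg.Runs
	default: // PrivilegedDropped, PreInstall, Install
		return cfg.Lives
	}
}

// CopyAs renders an unqualified COPY as a --chown COPY for the phase owner,
// so copied files never inherit the builder's identity by accident.
func CopyAs(cfg Config, p Phase, src, dst string) string {
	u := OwnerFor(cfg, p)
	return fmt.Sprintf("COPY --chown=%d:%d %s %s", u.UID, u.GID, src, dst)
}

// UserLine is the USER instruction injected at the start of a phase so that
// the phase's RUN steps execute as its owner rather than as root.
func UserLine(cfg Config, p Phase) string {
	return "USER " + OwnerFor(cfg, p).As
}
```

Keeping lives and runs as distinct UIDs is what makes the model useful: the runtime process then cannot rewrite the application files it was started from.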