chore: add default user for enhanced security (#267)

- Add a new `.hadolint.yaml` configuration file with specific rule ignores
- Update the Dockerfile to install `ca-certificates` without a fixed version
- Add commands to create a `deploy` user and group with UID and GID `1000`, set home directory, and set ownership
- Set the Docker container to run as the `deploy` user with UID and GID `1000`

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

.hadolint.yaml

@@ -0,0 +1,3 @@
+ignored:
+  - DL3018
+  - DL3008

docker/Dockerfile

@@ -12,9 +12,26 @@ LABEL org.opencontainers.image.source=https://github.com/appleboy/drone-ssh
 LABEL org.opencontainers.image.description="Execute commands on a remote host through SSH"
 LABEL org.opencontainers.image.licenses=MIT
 
-RUN apk add --no-cache ca-certificates=20230506-r0 && \
+RUN apk add --no-cache ca-certificates && \
   rm -rf /var/cache/apk/*
 
+RUN addgroup \
+  -S -g 1000 \
+  deploy && \
+  adduser \
+  -S -H -D \
+  -h /home/deploy \
+  -s /bin/sh \
+  -u 1000 \
+  -G deploy \
+  deploy
+
+RUN mkdir -p /home/deploy && \
+  chown deploy:deploy /home/deploy
+
+# deploy:deploy
+USER 1000:1000
+
 COPY release/${TARGETOS}/${TARGETARCH}/drone-ssh /bin/
 
 ENTRYPOINT ["/bin/drone-ssh"]