Hardening: Change nginx container to unprivileged

[voima-eetu]

Summary

Hardening for production environments. According to 'OWASP Docker Security Cheat Sheet' Docker container should be configured with unprivileged user. In addition nginx container is hardened by dropping all capabilities. The most secure setup is to drop all capabilities --cap-drop all

Changes:

• Official nginxinc unprivileged container nginx:mainline-alpine -> nginxinc/nginx-unprivileged:mainline-alpine
• Required changes from nginxinc/nginx-unprivileged

• The default NGINX listen port is now 8080 instead of 80.
• The default NGINX user directive in /etc/nginx/nginx.conf has been removed.
• The default NGINX PID has been moved from /var/run/nginx.pid to /tmp/nginx.pid.
• Change *_temp_path variables to /tmp/*.
• Nginx container is run with limited set of Linux kernel capabilities cap_drop: - ALL

[mattermod]

Hello @voima-eetu,

Thanks for your pull request! A Core Committer will review your pull request soon. For code contributions, you can learn more about the review process here.

[mattermod]

This PR has been automatically labelled "stale" because it hasn't had recent activity. A core team member will check in on the status of the PR to help with questions. Thank you for your contribution!

/cc @jasonblais @jfrerich @emilyacook

[voima-eetu]

Hate to be that guy but: Any updates on these(this and https://github.com/mattermost/mattermost-docker/pull/526)? @jfrerich @cpanato

[voima-eetu]

By the way, as this was my first merged PR to any mattermost repo, is it possible to get the famous Limited Edition Mattermost Mug ? :slightly_smiling_face: @emilyacook