geoserver image: add non-root / arbitrary-UID support (root remains default)#84

Open
jwkaltz wants to merge 1 commit into GeoNode:master from jwkaltz:rootless_geoserver_image

Conversation

@jwkaltz

@jwkaltz jwkaltz commented Jun 26, 2026


Fixes #83

Makes the geoserver image able to run as a non-root user, including an arbitrary UID assigned at runtime. The image continues to run as root by default, so this is backward compatible.

Changes

Scripts:

  • entrypoint.sh / set_geoserver_auth.sh: Replace the hardcoded /root home with ${GEOSERVER_HOME} (defaults to /root, preserving current behavior when running as root). The .bashrc / .override_env sourcing is guarded with [ -f ] so missing files are skipped instead of aborting under set -e.
  • entrypoint.sh: check that GEOSERVER_HOME is writable, so a non-root run without a writable home fails with a clear message.
  • set_geoserver_auth.sh: Write the temp file via mktemp instead of xml.tmp in the current working directory, which is not writable for a non-root user. Add explicit error handling on the write-back.
  • entrypoint.sh: Fix a quoting bug in the FORCE_REINIT test ([ ${FORCE_REINIT} = "true" ] → [ "${FORCE_REINIT:-false}" = "true" ]) that produced "unary operator expected" when the variable was unset.

Dockerfile:

  • Add a geoserver user (configurable GEOSERVER_UID, default 1000) in group 0, with chmod g=u on the writable dirs so the image can run as any UID in group 0. No USER statement is added — root stays the default. File ownership is set to ${GEOSERVER_UID}:0; running as root is unaffected since root ignores file permissions.
  • Move the helper scripts from /usr/local/tomcat/tmp to /opt/geoserver/bin, with a backward-compat symlink at the old entrypoint path.
  • Move two always-constant runtime edits to build time (the xom/bcprov exclusion in catalina.properties, and creating conf/Catalina/localhost) and default -XX:LogFile to /tmp/jvm.log. This lets the image also run under readOnlyRootFilesystem when the scratch dirs are mounted writable — optional, not required.

Backward compatibility

Root remains the default user and the default GEOSERVER_HOME falls back to /root, so existing root-based deployments are unaffected. GEOSERVER_HOME is configurable for non-root use (e.g. /tmp, or a writable volume mounted over /home/geoserver).

Testing

Verified the image in three modes:

  • root (default, no flags): starts and processes config as before; GEOSERVER_HOME falls back to /root.
  • non-root without GEOSERVER_HOME: fails fast with a clear message instructing the user to set a writable GEOSERVER_HOME.
  • non-root with GEOSERVER_HOME=/tmp (--user 1000:0): starts correctly and is fully functional (tested in Rancher Kubernetes).


Development

Successfully merging this pull request may close these issues.

Make the geoserver image runnable as a non-root user (incremental hardening)