Run the sample-webhook process as a non-root user in the Docker image

Signed-off-by: Richard Wall <richard.wall@jetstack.io>

devel/addon/samplewebhook/sample/BUILD.bazel

@@ -1,9 +1,17 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
 load("@io_bazel_rules_docker//go:image.bzl", "go_image")
+load("@io_bazel_rules_docker//container:container.bzl", "container_image")
+
+container_image(
+    name = "nonroot_go_image_static",
+    base = "@go_image_static//image",
+    # See https://github.com/GoogleContainerTools/distroless/blob/2cac07c7c62b2dc52c4274a1810939fb06039ab9/base/base.bzl#L9
+    user = "65532",
+)
 
 go_image(
     name = "image",
-    base = "@static_base//image",
+    base = ":nonroot_go_image_static",
     binary = ":sample",
     tags = ["manual"],
     visibility = ["//visibility:public"],