chore(ci): add non root user

fhevm-engine/coprocessor/Dockerfile

@@ -1,25 +1,30 @@
 # Stage 1: Build
-FROM rust:1.80.1-bullseye AS build
+FROM rust:1.82.0-bullseye AS build
+
+WORKDIR /app
 
 # Install dependencies
 RUN apt-get update && \
     apt-get install -y --no-install-recommends protobuf-compiler && \
     rm -rf /var/lib/apt/lists/*
 
-# Copy necessary files
-WORKDIR /app
-COPY fhevm-engine/coprocessor /app/fhevm-engine/coprocessor
-COPY fhevm-engine/Cargo.toml /app/fhevm-engine/
-COPY fhevm-engine/Cargo.lock /app/fhevm-engine/
+COPY ./fhevm-engine/ ./fhevm-engine/
+
+WORKDIR /app/fhevm-engine/coprocessor
 
-# Build with SQLX offline flag
+RUN cargo fetch
 RUN SQLX_OFFLINE=true cargo build --release
 
 # Stage 2: Final image
 FROM debian:bullseye-slim
 
-# Copy the built binary
-COPY --from=build /app/fhevm-engine/target/release/coprocessor /usr/local/bin
+RUN useradd -m zama
+
+COPY --from=build /app/fhevm-engine/coprocessor/target/release/coprocessor /usr/local/bin
+
+RUN chown zama:zama /usr/local/bin/coprocessor && \
+    chmod 500 /usr/local/bin/coprocessor
+
+USER zama
 
-# Entrypoint
 ENTRYPOINT ["/usr/local/bin/coprocessor"]