Allow st2web container to be runnable as Non-Root
It is good security practice to run containers without root and minimal privileges.
However, the st2web container attempts to expose on ports 80 and 443, which are both <1000 privileged ports.
This PR changes the exposed ports to 8080 / 8443, non-privileged ports.
It also edits permissions on NGINX files, to allow nginx to run as the nginx user.
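A check for the condition this description is about, as an added example that is not part of the PR or the project's code: it lists nginx `listen` directives whose port a non-root process cannot bind by default. The function names and both sample configs are constructed for illustration, and the 1024 limit is the Linux default for `net.ipv4.ip_unprivileged_port_start`.

```shell
#!/bin/sh
# Added example, not from the PR or the project's repository.
PRIV_LIMIT=1024   # Linux default for net.ipv4.ip_unprivileged_port_start

# Print the port of every `listen` directive in nginx config $1 that is
# below PRIV_LIMIT. Assumes one directive per line; address-only forms
# (no explicit port) and unix: sockets are skipped.
privileged_listens() {
    awk -v limit="$PRIV_LIMIT" '
        { sub(/#.*/, "") }                  # drop comments
        $1 == "listen" {
            addr = $2
            sub(/;.*$/, "", addr)           # strip trailing semicolon
            if (addr ~ /^unix:/) next
            sub(/^.*:/, "", addr)           # keep what follows the last colon
            if (addr ~ /^[0-9]+$/ && addr + 0 < limit) print addr
        }
    ' "$1"
}

# Constructed sample configs (not the project's real files).
write_samples() {
    cat > "$1/before.conf" <<'EOF'
server {
    listen 80;
    listen [::]:80;
}
server {
    listen 443 ssl;   # TLS
}
EOF
    cat > "$1/after.conf" <<'EOF'
server {
    listen 8080;
    listen [::]:8080;
}
server {
    listen 0.0.0.0:8443 ssl;
    # listen 443 ssl;  (old setting, commented out)
}
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
echo "before: $(privileged_listens "$dir/before.conf" | tr '\n' ' ')"
echo "after:  $(privileged_listens "$dir/after.conf" | tr '\n' ' ')"
rm -rf "$dir"
```

An empty result means every explicit port in the file can be bound by an unprivileged user without extra capabilities.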
@cognifloyd I've hopefully actioned all your items - also added in some updates to the st2web README, and also note the latest nginx packages on Ubuntu change the nginx user to have 999:999 uid/gid instead of 101:101 - so I've had to update that.
We probably want to pin the nginx version so it doesn't change on arbitrary image builds?
I don't like to manually pin versions most of the time because then someone has to manage that pin. Most of the time (in my experience at least) pins are not well documented, so no one dares to update it until there is a CVE or some other bug or missing feature that forces an update. So, I hesitate to add pinning here without a good plan for how we'll manage that.
@cognifloyd that should be all the issues resolved