Set security_opt to no-new-privileges:true

[jackdawm]

What changed? Locking down some images running in Buildkite to prevent container processes from gaining additional privileges.

Why? Responding to medium findings in Semgrep. Not sure this rises to medium, because of it being development images, but good hygiene is always nice.

How did you test it? Opening this PR so Buildkite can pick it up.

Is hotfix candidate? No