INFRA-2954, the default "jenkins" user should not be able to get administraton's right through sudo.
As we are using these images for Docker, it means that the Docker Engine should be executed in rootless mode (https://docs.docker.com/engine/security/rootless/) to mitigate the risks when a container breakout happen, even if the ephemeral nature of these machines already helps in this area.
Switching to rootless (e.g. using namespace) is:
- Only available on Linux container
- Might break some edge case builds, because it disable a few features as `--network=host`. If it is the case, a discussion will have to be triggered because "smelly security smell".
We have to be careful
INFRA-3006=> consequence of changing the default UID of the user "jenkins" from 1000 to 1001 broke some usages in the ATH INFRA-3016=> test harness of the Jenkins Docker image (or any usage of this image assuming the default UID of 1000) might also break with rootless (as Docker will namespace users)