Add securityContext configuration

[juusujanar]

This PR adds securityContext to containers with static images (can not be changed via values.yaml) and customizable securityContext to values.yaml for the image, that can be set in values.yaml.

This only configures the timescaledb-single node chart. I have not worked with multinode chart yet.

Related to #124

[feikesteenbergen]

Perhaps even better if we use .Values.securityContext.runAsUser everywhere we currently use the literal 1000

[juusujanar]

Added documentation to values.yaml.

Also I found this: both, single and multinode, values.yaml refer that image was built from https://github.com/timescale/timescaledb-docker-ha, however that repository is not publicly accessible. Is this expected behaviour?

I also looked into timescaledb-multinode (timescaledev/timescaledb:2.0.0-beta3-pg11) image, however that container does not seem to have any dedicated user for running as non-root. Not sure if any other user would work.

janar@docker-test:~$ docker run --rm -it timescaledev/timescaledb:2.0.0-beta3-pg11 bash
bash-5.0# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
bash-5.0# cat /etc/passwd
root:x:0:0:root:/root:/bin/ash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/usr/lib/news:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
man:x:13:15:man:/usr/man:/sbin/nologin
postmaster:x:14:12:postmaster:/var/spool/mail:/sbin/nologin
cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
ftp:x:21:21::/var/lib/ftp:/sbin/nologin
sshd:x:22:22:sshd:/dev/null:/sbin/nologin
at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin
squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin
xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin
games:x:35:35:games:/usr/games:/sbin/nologin
postgres:x:70:70::/var/lib/postgresql:/bin/sh
cyrus:x:85:12::/usr/cyrus:/sbin/nologin
vpopmail:x:89:89::/var/vpopmail:/sbin/nologin
ntp:x:123:123:NTP:/var/empty:/sbin/nologin
smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin
guest:x:405:100:guest:/dev/null:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin

[feikesteenbergen]

The multinode chart will see quite an overhaul soon; it will become much more like the singlenode chart, except it will contain multiple statefulsets, so I don't think we should be spending too much time there.

[feikesteenbergen]

This does fall flat on its face if the runAsUser is not 1000.

There's a few install -o postgres -d postgres -m 0700 calls all over the place, which assume 1000.
Even if we do fix that, there's the reliance on $HOME sometimes being /home/postgres.

So, I'm not saying this shouldn't go in, but it needs more fundamental work than just flipping the swtich.

We could add it, but remove the user configurable runAsUser, as exposing in the current state would only cause bugs for those that would use a value other than 1000.