Implement Security Context for Deckhand

Implement container and pod level security context for the following
Deckhand resources:

- Deckhand server deployment

Change-Id: I23cd742cc3b76b4e5de67d3b8bb195ec3899fc0f

charts/deckhand/templates/deployment.yaml

@@ -39,6 +39,7 @@ spec:
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
     spec:
       serviceAccountName: {{ $serviceAccountName }}
+{{ dict "envAll" $envAll "application" "deckhand" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       nodeSelector:
         {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
       terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.deckhand.timeout | default "30" }}
@@ -62,6 +63,7 @@ spec:
           image: {{ .Values.images.tags.deckhand }}
           imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "deckhand" "container" "deckhand_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
           ports:
             - containerPort: {{ tuple "deckhand" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
           livenessProbe:

charts/deckhand/values.yaml

@@ -324,6 +324,14 @@ conf:
     formatter_simple:
       format: "%(asctime)s.%(msecs)03d %(process)d %(levelname)s: %(message)s"
 pod:
+  security_context:
+    deckhand:
+      pod:
+        runAsUser: 65534
+      container:
+        deckhand_api:
+          readOnlyRootFilesystem: true
+          allowPrivilegeEscalation: false
   mounts:
     deckhand_db_init:
       init_container: null