GUACAMOLE-1110: Shrinks container footprint, higher security and reliability check

Dockage image size will reduced by install only package dependencies (without recommendations). The guacd process runs as a non-privileged user and will be checked by netcat.

Dockerfile

@@ -90,6 +90,7 @@ ENV LD_LIBRARY_PATH=${PREFIX_DIR}/lib
 ENV GUACD_LOG_LEVEL=info
 
 ARG RUNTIME_DEPENDENCIES="            \
+        netcat-openbsd                \
         ca-certificates               \
         ghostscript                   \
         fonts-liberation              \
@@ -100,15 +101,21 @@ ARG RUNTIME_DEPENDENCIES="            \
 COPY --from=builder ${PREFIX_DIR} ${PREFIX_DIR}
 
 # Bring runtime environment up to date and install runtime dependencies
-RUN apt-get update                                          && \
+RUN apt-get update                                                                  && \
-    apt-get install -y $RUNTIME_DEPENDENCIES                && \
+    apt-get install -y --no-install-recommends $RUNTIME_DEPENDENCIES                && \
-    apt-get install -y $(cat "${PREFIX_DIR}"/DEPENDENCIES)  && \
+    apt-get install -y --no-install-recommends $(cat "${PREFIX_DIR}"/DEPENDENCIES)  && \
     rm -rf /var/lib/apt/lists/*
 
 # Link FreeRDP plugins into proper path
 RUN ${PREFIX_DIR}/bin/link-freerdp-plugins.sh \
         ${PREFIX_DIR}/lib/freerdp2/libguac*.so
 
+# Checks the operating status every 5 minutes with a timeout of 5 seconds
+HEALTHCHECK --interval=5m --timeout=5s CMD nc -z 127.0.0.1 4822 || exit 1
+
+# Run with user nobody
+USER nobody
+
 # Expose the default listener port
 EXPOSE 4822