security: add non-root user to Dockerfile and triage Semgrep findings

Author: quantumdynamics927-dotcom

Dockerfile

@@ -35,6 +35,13 @@ COPY --from=frontend-builder /app/web/dist /app/web/dist
 # Expose port
 EXPOSE 8000
 
+# Create non-root user for security
+RUN adduser --disabled-password --gecos '' appuser && \
+    chown -R appuser:appuser /app
+
+# Switch to non-root user
+USER appuser
+
 # Environment variables
 ENV PYTHONPATH=/app
 ENV QPYTH_BACKEND=automatic