fix: set git safe.directory at system level for non-root container users (#1262)

Switches the safe.directory "*" config from --global (only written to
/root/.gitconfig) to --system (/etc/gitconfig) so it applies regardless
of which user runs git. The image intentionally sets no USER directive
and can be run as an arbitrary --user, where the global config was never
read, leaving the "dubious ownership" error unfixed.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Author: brendan-kellam

CHANGELOG.md

@@ -20,6 +20,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Expired offline license keys no longer crash the process. An expired key now degrades to the unlicensed state. [#1106](https://github.com/sourcebot-dev/sourcebot/pull/1106)
 - Improved the `setup-sourcebot` wizard: prompts for a setup directory, clarifies that secrets are stored locally in `.env`, switches multi-select to Tab, hides "No results" until a real search runs, and detects/cleans up conflicting Docker deployments and volumes before starting. [#1106](https://github.com/sourcebot-dev/sourcebot/pull/1106)
 
+### Fixed
+- Fixed git "dubious ownership" errors when the container runs as a non-root user by setting `safe.directory` at the system level instead of the global (root-only) level. [#1106](https://github.com/sourcebot-dev/sourcebot/pull/1106)
+
 ## [4.17.4] - 2026-05-30
 
 ### Changed

Dockerfile

@@ -250,7 +250,7 @@ COPY --chown=sourcebot:sourcebot --from=shared-libs-builder /app/packages/shared
 COPY --chown=sourcebot:sourcebot --from=shared-libs-builder /app/packages/queryLanguage ./packages/queryLanguage
 
 # Fixes git "dubious ownership" issues when the volume is mounted with different permissions to the container.
-RUN git config --global safe.directory "*"
+RUN git config --system safe.directory "*"
 
 # Configure the database
 RUN mkdir -p /run/postgresql && \