deploy(chat): roll non-root GX10 image

apps-gx10/fc-chat/deployment-chat-web.json

@@ -83,7 +83,7 @@
                 }
               }
             ],
-            "image": "localhost/fc-chat-web:v20260616-chat-md-a812a81",
+            "image": "localhost/fc-chat-web:v20260617-sec5-chat-358f7ca",
             "imagePullPolicy": "Never",
             "livenessProbe": {
               "failureThreshold": 3,
@@ -105,6 +105,15 @@
                 "protocol": "TCP"
               }
             ],
+            "securityContext": {
+              "allowPrivilegeEscalation": false,
+              "capabilities": {
+                "drop": [
+                  "ALL"
+                ]
+              },
+              "readOnlyRootFilesystem": true
+            },
             "readinessProbe": {
               "failureThreshold": 6,
               "httpGet": {
@@ -133,6 +142,14 @@
               {
                 "mountPath": "/data",
                 "name": "data"
+              },
+              {
+                "mountPath": "/tmp",
+                "name": "temp"
+              },
+              {
+                "mountPath": "/app/logs",
+                "name": "logs"
               }
             ]
           }
@@ -142,7 +159,10 @@
         "schedulerName": "default-scheduler",
         "securityContext": {
           "fsGroup": 1654,
-          "fsGroupChangePolicy": "OnRootMismatch"
+          "fsGroupChangePolicy": "OnRootMismatch",
+          "runAsGroup": 1654,
+          "runAsNonRoot": true,
+          "runAsUser": 1654
         },
         "terminationGracePeriodSeconds": 30,
         "volumes": [
@@ -151,6 +171,14 @@
             "persistentVolumeClaim": {
               "claimName": "chat-web-data"
             }
+          },
+          {
+            "emptyDir": {},
+            "name": "temp"
+          },
+          {
+            "emptyDir": {},
+            "name": "logs"
           }
         ]
       }