fix(input): run watcher as codex user

input/Docker/Dockerfile

@@ -11,7 +11,6 @@ RUN apt-get update \
     && apt-get install --yes --no-install-recommends \
         python3 \
         python3-venv \
-        gosu \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
@@ -19,8 +18,9 @@ RUN apt-get update \
 # The CLI expects credentials/configuration from the mounted ~/.codex directory.
 RUN npm install --location=global @openai/codex
 
-RUN groupadd -r codex && \
-    useradd -r -m -g codex -s /bin/bash codex
+RUN groupmod --new-name codex node \
+    && usermod --login codex --home /home/codex --move-home node \
+    && chown -R codex:codex /home/codex
 
 WORKDIR /app
 
@@ -28,4 +28,6 @@ COPY watch_and_customize.py entrypoint.sh JobDescriptionNormalizerPrompt.md ./
 
 RUN chmod +x /app/watch_and_customize.py /app/entrypoint.sh
 
+USER codex
+
 ENTRYPOINT ["/app/entrypoint.sh"]