kitchen: Run as non-root user

The *kitchen* server service does not need to run as root or have any
access to writable storage.

kitchen/kitchen.yaml

@@ -42,11 +42,17 @@ spec:
         ports:
         - containerPort: 8000
           name: http
+        securityContext:
+          readOnlyRootFilesystem: true
         volumeMounts:
         - name: config
           mountPath: /kitchen.yaml
           subPath: config.yaml
           readOnly: true
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 17402
+        runAsGroup: 17402
       volumes:
       - name: config
         secret: