K8S: Non-root by default

Created by: daxmc99

Mutating webhooks that explicitly set runAsNonRoot are becoming more common. Our current default deployment does not run as nonRoot and migrating to a non-root overlay is difficult if you have been running as root.

We should make our base deployment non-root by default and provide an overlay that sets our deployment back to root.

While this will introduce an upgrade burden on existing customers, it will prevent further issues in the future. It will also allow for new customers to adopt Sourcegraph who have higher security requirements.

From distro team sync: https://docs.google.com/document/d/1otP6F8qfm2yNOW1hjTszkkuiYF1MGp31s5ATeA76ij4/edit#bookmark=id.f035etthggje