Use nginx-unprivileged base image for improved security

[bjw-s]

This PR modifies the Dockerfile (and as a result the docker-compose file and nginx config) to use an nginx image (https://github.com/nginx/docker-nginx-unprivileged) that runs unprivileged.

This effectively means:

• The container no longer runs as root (even though it ran nginx with its own user before, the container was still running with root user privileges)
• It is now using port 8080 instead of 80

[Nerivec]

The port is a breaking change for previous deployments (though I suppose we could keep 80 since Docker >=20.03 is fine with any port as far as I know). Might be others too (like swarm)?
Could we maybe publish this as a separately tagged image if the need for it is significant?

I'm not a big Docker user (rootless even less), I don't have a good viewpoint on this...

[bjw-s]

Thanks for the feedback! I've gone and made the NGINX port configurable. It will run on port 80 by default (like the old image did), but it can now be configured through the NGINX_PORT environment variable if anyone wants to change it.