feat: add user input to not create downloaded files with root owner

[toy]

We noticed that downloaded files are created owned by root which created a problem in our workflow, this is caused by action being a docker action and container being run by root.
There doesn't seem to be an option to specify the container user, so this PR introduces user input that accepts either explicit uid:git pair or given value auto will set them to the owner of .git and run the docker script as that user/group.

[andrii-bodnar]

Hi @toy, thank you for the contribution!
Is this the same case as described in #284?

[toy]

@andrii-bodnar Yes it is, sorry for not checking previous issues here, did it only for the CLI repo before realising that the issue is in the action

[toy]

@andrii-bodnar I assume this solution would be better then #285, as it doesn't change the behaviour if user is not set

[andrii-bodnar]

@toy yes, making it configurable and opt-in makes much more sense and safer. The only thing I concerned in the current approach is the possibility to specify explicit ID.

There is a risk that running the whole action under an arbitrary uid:gid may break access to GitHub Actions runner-mounted paths such as $GITHUB_OUTPUT or other internal directories if that user does not match the actual runner/workspace ownership.

Some related reports: runner-images#10915, runner#1282.

The auto feels safer to support than arbitrary IDs. Please let me know what you think.

[toy]

@andrii-bodnar I think I'm on the side of allowing people to «shoot themselves in the foot» if they want to, but if you foresee support requests, probably better to make it a boolean renaming to something like switch-to-workspace-user

[andrii-bodnar]

@toy it's difficult to foresee whether it will become common issue. Let's release it as it is and observe. It should only be relevant to a very small number of users.

[andrii-bodnar]

Available in v2.16.0 (as well as in the v2 alias)

[toy]

thank you

[Bertg]

Glad this PR exists, but a bit sad that the default has remained unchanged.

Issues regarding this have been reported at least since April 2024. Back then no action was taken, but I'm so glad we have the auto option.

I would strongly advocate and support making auto the default. If need be the action should increase its major version to change this default. As it stands this issue will keep biting people (it did again for us).

[andrii-bodnar]

@Bertg thank you for the feedback! We'll consider changing the default value in the next major release.