add securityContext and /proc/1/root tips for ephemeral containers

[timm13]

Two additions to the Troubleshooting Volume Mounts section, sourced from customer feedback (ticket 8947):

• Pods enforcing runAsNonRoot: wolfi-base runs as root by default and will fail with CreateContainerConfigError unless the ephemeral container patch includes a matching securityContext.

• Accessing the target container filesystem without volumeMounts: /proc/1/root/ traverses the target container's full mount namespace (overlay + Kubernetes volumes), provided the ephemeral container runs as the same UID. Explicit volumeMounts remain the fallback when security policies block /proc access.

Both points verified against a live k3d cluster:

1. Deployed pod with runAsNonRoot: true (no runAsUser) and confirmed ephemeral wolfi-base container fails with CreateContainerConfigError
2. Added securityContext: {runAsUser: 65532, runAsNonRoot: true} to the patch and confirmed container starts
3. Deployed pod with emptyDir volume at /var/log and file at /tmp (overlay); confirmed both accessible via /proc/1/root/ from ephemeral container without volumeMounts
4. Confirmed /var/log in ephemeral container is empty without explicit volumeMounts

[netlify]

✅ Deploy Preview for ornate-narwhal-088216 ready!

Name	Link
🔨 Latest commit	af74e21
🔍 Latest deploy log	https://app.netlify.com/projects/ornate-narwhal-088216/deploys/6a0a18bb80151900081779b0
😎 Deploy Preview	https://deploy-preview-3334--ornate-narwhal-088216.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.