What are the security implications of running a container as the root user, and how do you mitigate this risk in Turing-managed services?