Cherry-pick #21202 to 7.x: Stop running auditbeat container as root by default

[jsoriano]

Cherry-pick of PR #21202 to 7.x branch. Original message:

What does this PR do?

Stop running Auditbeat container as root by default. After this change, when user root is required it will need to be explicitly set on runtime. This is already done in Kubernetes manifests and some other examples in the documentation, so change is probably not so breaking.
Also USER root is usually not enough to be fully privileged, so some customization was always expected when running Auditbeat on docker.

Why is it important?

Using USER root in docker images is not a very good practice, and is not allowed in some certification processes (see #20996).

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

• Run Auditbeat on docker using a configuration that requires root privileges.

Related issues

• Part of Support running Auditbeat and Elastic Agent docker images without root #20996.
• Related to Improve support of Beats on Kubernetes restricted environments #19600.

[elasticmachine]

Pinging @elastic/integrations-platforms (Team:Platforms)

[elasticmachine]

Pinging @elastic/siem (Team:SIEM)

[elasticmachine]

💚 Build Succeeded

Expand to view the summary

Build stats

• Build Cause: [Pull request #21291 opened]

• Start Time: 2020-09-24T11:49:47.338+0000

• Duration: 68 min 58 sec

Test stats 🧪

Test	Results
Failed	0
Passed	595
Skipped	81
Total	676