feat(renovate): Set restrictive securityContext settings

Inm order to fulfill the restricted, not just baseline Pod Security
Standards, it's required to set these fields explicitly.

apps/base/renovate/release.yaml

@@ -41,6 +41,12 @@ metadata:
   namespace: renovate
 data:
   values.yaml: |
+    renovate:
+      securityContext:
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop:
+            - ALL
     serviceAccount:
       create: true
     extraVolumes:
@@ -51,7 +57,12 @@ data:
       - name: cache
         mountPath: /cache
     securityContext:
+      runAsNonRoot: true
+      runAsUser: 1000
+      fsGroupChangePolicy: Always
       fsGroup: 1000
+      seccompProfile:
+        type: RuntimeDefault
     resources:
       requests:
         cpu: 100m