Currently envoy runs as root in the docker container.

Arguably, its more secure to run as non-root.

Allowing the user to be configurable also allows envoy to access/listen to sockets as a particular user or group.

I can PR if its helpful.

I have an example implementation here https://github.com/phlax/envoy