Open
Description
This is likely a critical security issue allowing full app and system access to a potential attacker.
An LLM suggested this as a possible resolution, take with a big grain of salt:
```yaml
services:
  tesp-api:
    # Remove: privileged: true
    cap_add:
      - NET_BIND_SERVICE   # Only if you need to bind to privileged ports (< 1024)
    # Or simply run on unprivileged ports (you're already using 8080)
    security_opt:
      - no-new-privileges:true   # Prevent privilege escalation
    # ...
  pulsar_rest:
    # If you truly need Docker-in-Docker, use a safer alternative:
    # Remove: privileged: true
    volumes:   # compose key is "volumes", not "volume_mounts"
      - /var/run/docker.sock:/var/run/docker.sock
      # NOTE: a mounted docker.sock still gives this container control of the
      # host's Docker daemon, so prefer one of the alternatives below
```
Consider using: "Docker socket proxy" or "Rootless Docker"
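A small audit of the three settings this issue turns on, added here as an example and not part of the issue or the project. It scans a compose file for `privileged: true`, a mounted `/var/run/docker.sock`, and a missing `no-new-privileges:true`, using a line-based reader (standard library only, assumes the usual two-space indentation) over a constructed sample shaped like the compose file above.

```python
import re

# Constructed sample in the shape of the issue's compose file: one service still privileged,
# one that trades privileged mode for a Docker socket mount, one hardened as the issue suggests.
SAMPLE_COMPOSE = """\
services:
  tesp-api:
    privileged: true
    ports: ["8080:8080"]
  pulsar_rest:
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
  hardened:
    cap_add: [NET_BIND_SERVICE]
    security_opt:
      - no-new-privileges:true
"""


def audit_compose(text):
    """Return {service: sorted findings}. Findings are 'privileged' (nearly no
    isolation), 'docker-socket' (control of the host daemon through the
    mounted socket) and 'no-new-privileges-missing'. Line-based on purpose so
    it needs only the standard library; assumes services sit at indent 2."""
    flags, service, in_services = {}, None, False
    for raw in text.splitlines():
        line = re.sub(r"(^|\s+)#.*$", "", raw).rstrip()  # drop comments
        body = line.strip()
        if not body:
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:                                    # top-level key
            in_services, service = body == "services:", None
        elif in_services and indent == 2 and body.endswith(":"):
            service = body[:-1]                            # start of a service block
            flags[service] = set()
        elif service is not None:
            if re.fullmatch(r"privileged:\s*(true|yes)", body, re.I):
                flags[service].add("privileged")
            if "/var/run/docker.sock" in body:
                flags[service].add("docker-socket")
            if re.search(r"no-new-privileges[:=]\s*\"?true", body):
                flags[service].add("nnp-set")
    report = {}
    for name, found in flags.items():
        if "nnp-set" not in found:
            found.add("no-new-privileges-missing")
        found.discard("nnp-set")
        report[name] = sorted(found)
    return report
```

Run it against a real compose file with `audit_compose(open("docker-compose.yml").read())`; a service that returns an empty list has none of the three findings.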