Use custom container image to build the website
We want to give the CI enough privileges to push commits to tails.git (because Ikiwiki updates .po files), and one concern is with the authenticity of the container images we use, as tampered images could make use of those privileges.
This is only one step towards mitigating the risks of giving those privileges to the GitLab Runner. It's not enough and the final result will be documented in the process of sysadmin#17364 (closed).
Edited by Zen Fu