Using containers with unprivileged user namespaces is safer than running an
all-powerful Docker daemon, which requires either using root to interact with
(as we did previously), or adding one's regular user to the "docker"
group (which is equivalent to turning it into root).