- Specify Docker registry explicitly (e.g., Podman does not use
`docker.io` by default)
- Use `make miniflux` instead of duplicating `go build` arguments (this
leverages Go's PIE build mode)
- Enable cgo to fix ARM containers (we need to make sure to use the same
OS version for both container stages to avoid libc issues)
This patch adjusts the distroless image to use the predefined non-root UID, which uses explicit UID definitions. This allows orchestrators like Kubernetes to validate non-zero UIDs directly by checking the Image metadata.
The previous setup without an explicit `runAsUser` in the securityContext would produce the following error when enabling `runAsNonRoot`:
```
Error: container has runAsNonRoot and image has non-numeric user (nonroot), cannot verify user is non-root (pod: "miniflux-97cc5955f-pt7vf_miniflux(d1c56d29-ea0a-407c-b3f3-9821fbd7ee61)", container: miniflux)
```
