fix(m365): Container security fixes

[jacdavi]

🗣 Description

1. Manually install OPA so that we can update independent of ScubaGear for vulnerabilities
   a. Updated to 1.3.0
2. Run image as ContainerUser user rather than ContainerAdministrator
3. Make it so we always run the image scan so that we can get scan results for PRs

💭 Motivation and context

Updating OPA will address some vulnerabilities marked by Trivy scans. Updating the docker container use will fix an issue marked by Trivy.

🧪 Testing

Verified container could build and run without issue.

✅ Pre-approval checklist

• This PR has an informative and human-readable title.
• PR targets the correct parent branch (e.g., main or release-name) for merge.
• Changes are limited to a single goal - eschew scope creep!
• Changes are sized such that they do not touch excessive number of files.
• All future TODOs are captured in issues, which are referenced in code comments.
• Related issues these changes resolve are linked preferably via closing keywords.
• All relevant repo and/or project documentation updated to reflect these changes.
• All automated checks (e.g., linting, static analysis, unit/smoke tests) passed.

✅ Post-merge checklist

• Feature branch deleted after merge to clean up repository.
• Verified that all checks pass on parent branch (e.g., main or release-name) after merge.