Drop all capabilities by default in Elastic Agent containers (#1794)

Drop all capabilities by default in Elastic Agent containers created
by elastic-package (Elastic Agent from stack and custom agents) making
use of `cap_drop` from docker-compose/docker.

Author: mrodm

internal/agentdeployer/_static/docker-agent-base.yml.tmpl

@@ -18,6 +18,8 @@ services:
       - {{ . }}
     {{- end }}
     {{ end }}
+    cap_drop:
+      - ALL
     {{ if .ports }}
     ports:
     {{- range .ports }}

internal/servicedeployer/_static/docker-custom-agent-base.yml

@@ -6,6 +6,8 @@ services:
       retries: 180
       interval: 1s
     hostname: docker-custom-agent
+    cap_drop:
+      - ALL
     environment:
       - FLEET_ENROLL=1
       - FLEET_URL=https://fleet-server:8220

internal/stack/_static/docker-compose-stack.yml.tmpl

@@ -139,6 +139,8 @@ services:
       interval: 5s
     hostname: docker-fleet-agent
     env_file: "./elastic-agent.env"
+    cap_drop:
+    - ALL
     volumes:
     - "../certs/ca-cert.pem:/etc/ssl/certs/elastic-package.pem"
     - type: bind

internal/stack/_static/serverless-docker-compose.yml.tmpl

@@ -9,6 +9,8 @@ services:
       interval: 5s
     hostname: docker-fleet-agent
     env_file: "./elastic-agent.env"
+    cap_drop:
+    - ALL
     volumes:
     - type: bind
       source: ../../../tmp/service_logs/