set UV_PYTHON_INSTALL_DIR to a world readable/executable location

[dimalo]

First of all, thank you for this amazing project and all the effort! I would like to share my part with a first contribution:

I have a problem, not being able to run the vllm-openai amd64 image on Openshift since v0.8.0.

On container start I get a permission error:
/opt/venv/bin/vllm: /opt/venv/bin/python3: Permission denied

Openshift runs containers with non-root users per default.
Turns out that my non-root user (e.g. uid 1001) has access to /opt/venv, but not the python binary:
4 lrwxrwxrwx 1 root root 75 Mar 19 20:35 /opt/venv/bin/python -> /root/.local/share/uv/python/cpython-3.12.9-linux-x86_64-gnu/bin/python3.12

The recent update to use uv #13566 has caused this bug for me.
uv defaults to downloading python if it's not available system-wide (see astral-sh/uv#7710)

There's an easy fix though, as uv has an env var for the target dir:

root@f73620394301:/vllm-workspace# uv python install -h
Download and install Python versions

Usage: uv python install [OPTIONS] [TARGETS]...

Arguments:
  [TARGETS]...  The Python version(s) to install [env: UV_PYTHON=]

Options:
  -i, --install-dir <INSTALL_DIR>  The directory to store the Python installation in [env: UV_PYTHON_INSTALL_DIR=]

Setting UV_PYTHON_INSTALL_DIR="/usr/local/share/uv/python" makes uv install python to a location, other users can access.
I have tested this on my mac, unfortunately not able to run the full amd64 vllm with cuda.
But I was able to run the container as root, change the env var, install another python version, add a user UID1001, log in and run the python interpreter.

Running containers as non-root is a very common way to reduce the attack surface of deployments so hopefully this fix can be released soon :)
I even would very much prefer to switch the default user to some non-root UID by default, what do others think?

I have found no related issues so far, so I didn't bother to create one just to close it again...

[github-actions]

👋 Hi! Thank you for contributing to the vLLM project.

💬 Join our developer Slack at https://slack.vllm.ai to discuss your PR in #pr-reviews, coordinate on features in #feat- channels, or join special interest groups in #sig- channels.

Just a reminder: PRs would not trigger full CI run by default. Instead, it would only run fastcheck CI which starts running only a small and essential subset of CI tests to quickly catch errors. You can run other CI tests on top of those by going to your fastcheck build on Buildkite UI (linked in the PR checks section) and unblock them. If you do not have permission to unblock, ping simon-mo or khluu to add you in our Buildkite org.

Once the PR is approved and ready to go, your PR reviewer(s) can run CI to test the changes comprehensively before merging.

To run CI, PR reviewers can either: Add ready label to the PR or enable auto-merge.

🚀

[mergify]

This pull request has merge conflicts that must be resolved before it can be
merged. Please rebase the PR, @dimalo.

https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/syncing-a-fork

[github-actions]

This pull request has been automatically marked as stale because it has not had any activity within 90 days. It will be automatically closed if no further activity occurs within 30 days. Leave a comment if you feel this pull request should remain open. Thank you!