[mod] container: refactor entrypoint script

That entrypoint is prone to screw things up, especially with permission handling. The new script handles initialization better and fixes some issues like delayed settings update via ENVs and timestamp overwriting, also adjusts what should be copied into the container.

Related https://github.com/searxng/searxng/pull/4721#issuecomment-2850272129

container/legacy/Dockerfile

@@ -1,5 +1,3 @@
-# For armv7 architecture
-
 FROM docker.io/library/python:3.13-slim AS builder
 
 RUN apt-get update \
@@ -26,11 +24,9 @@ RUN --mount=type=cache,id=pip,target=/root/.cache/pip python -m venv ./venv \
 COPY ./searx/ ./searx/
 
 ARG TIMESTAMP_SETTINGS=0
-ARG TIMESTAMP_UWSGI=0
 
 RUN python -m compileall -q searx \
  && touch -c --date=@$TIMESTAMP_SETTINGS ./searx/settings.yml \
- && touch -c --date=@$TIMESTAMP_UWSGI ./container/uwsgi.ini \
  && find /usr/local/searxng/searx/static \
     \( -name '*.html' -o -name '*.css' -o -name '*.js' -o -name '*.svg' -o -name '*.ttf' -o -name '*.eot' \) \
     -type f -exec gzip -9 -k {} + -exec brotli --best {} +
@@ -70,7 +66,12 @@ WORKDIR /usr/local/searxng/
 
 COPY --chown=searxng:searxng --from=builder /usr/local/searxng/venv/ ./venv/
 COPY --chown=searxng:searxng --from=builder /usr/local/searxng/searx/ ./searx/
-COPY --chown=searxng:searxng ./container/ ./container/
+COPY --chown=searxng:searxng ./container/config/ ./.template/
+COPY --chown=searxng:searxng ./container/entrypoint.sh ./entrypoint.sh
+
+ARG TIMESTAMP_UWSGI="0"
+
+RUN touch -c --date=@$TIMESTAMP_UWSGI ./.template/uwsgi.ini
 
 LABEL org.opencontainers.image.authors="searxng <$GIT_URL>" \
       org.opencontainers.image.created=$LABEL_DATE \
@@ -103,4 +104,4 @@ EXPOSE 8080
 
 HEALTHCHECK CMD wget --quiet --tries=1 --spider http://localhost:8080/healthz || exit 1
 
-ENTRYPOINT ["/usr/local/searxng/container/docker-entrypoint.sh"]
+ENTRYPOINT ["/usr/local/searxng/entrypoint.sh"]