When architecting a new application that needs to be both secure and scalable, which containerization security best practice should be prioritized to ensure the least privilege and prevent unnecessary access to the host system?
Scheduling routine vulnerability scanning for containers and host systems
Implementing strict resource limits on each running container
Mounting all host volumes into containers with read-only access
Segmenting container network traffic using virtual networks
Running containers with non-privileged users and without unnecessary capabilities