Run slapd as a limited user.
- Relax the permission on /etc/ssl to allow generating snakeoil certificate and key.
- Grant the slapd binary CAP_NET_BIND_SERVICE to allow binding to privileged ports.
- Change owner of /etc/ldap/ldap.conf to allow modifying it in entrypoint.
- Prepopulate volumes with the correct ownership, permissions and directory structure to avoid doing it in the entrypoint without root.