fix: proper Tor user and directory permissions

- Add User tor to torrc for privilege dropping
- chown /var/lib/tor to tor:nogroup before Tor starts
- chmod 755 on hostname directories so root can read them
- Remove invalid chown tor:tor (tor group doesn't exist in Alpine)

tor-proxy/entrypoint.sh

@@ -31,11 +31,9 @@ if [ "$SSH_HOST_IP" = "host.docker.internal" ]; then
 fi
 
 mkdir -p /var/lib/tor/ssh /var/lib/tor/admin
-chmod 700 /var/lib/tor/ssh /var/lib/tor/admin
-
-if id tor >/dev/null 2>&1; then
-    chown -R tor:tor /var/lib/tor
-fi
+chown -R tor:nogroup /var/lib/tor
+chmod 700 /var/lib/tor
+chmod 755 /var/lib/tor/ssh /var/lib/tor/admin
 
 cat > /etc/tor/torrc <<EOF
 # Generated by entrypoint.sh at container start
@@ -59,10 +57,6 @@ cat /etc/tor/torrc
 
 mkdir -p /onion-hosts
 
-if id tor >/dev/null 2>&1; then
-    chown -R tor:tor /onion-hosts
-fi
-
 ( \
   echo "Waiting for onion addresses..."; \
   for i in $(seq 1 120); do \