Skipped tests that are not problematic should be UNKNOWN rather than INFO; the affected rules cannot evaluate without their input, so they are non-evaluations, not findings.
Add USER 65534:65534 to the scratch runtime image so the checker process does not run as root.
