Currently cwltool allows containers to be run as root while toil does not. This leads to issues when people use different executors. We should settle on whether we allow this or not, put this in the spec and adjust the reference runner accordingly.

cc: @tetron , @mr-c

I agree that we should formalize this requirement and remove the option from cwltool.

This would be in agreement with the peer reviewed article "Recommendations for the packaging and containerizing of bioinformatics software" https://doi.org/10.12688/f1000research.15140.2