Task still requires privileged access (run image: run-jammy-full) #42

Open
novellat opened this issue Aug 7, 2024 · 0 comments
novellat commented Aug 7, 2024

It is failing in the create step.

2024/08/07 13:37:33 warning: unsuccessful cred copy: ".docker" from "/tekton/creds" to "/": unable to create destination directory: mkdir /.docker: permission denied
2024/08/07 13:37:33 warning: unsuccessful cred copy: ".gitconfig" from "/tekton/creds" to "/": unable to open destination: open /.gitconfig: permission denied
2024/08/07 13:37:33 warning: unsuccessful cred copy: ".git-credentials" from "/tekton/creds" to "/": unable to open destination: open /.git-credentials: permission denied
ERROR: failed to exec as user 1001:1001: operation not permitted

Seems that it needs the root folder for whatever reason.
I've even tried to update the platform to 0.14, didn't help.

This is how it's called.

env:
  - name: CNB_PLATFORM_API
    value: '0.9'
  - name: DOCKER_CONFIG
name: create
resources: {}
args:
  - '-app=/workspace/source/.'
  - '-cache-dir=/workspace/cache'
  - '-cache-image=/workspace/cache'
  - '-uid=1001'
  - '-gid=1001'
  - '-layers=/layers'
  - '-platform=/platform'
  - '-report=/layers/report.toml'
  - '-process-type=web'
  - '-skip-restore=false'
  - '-previous-image=OUR_ARTIFACTORY/backstage-docker-local/bcp-diagnostics-bp-tkn-test:0.1.0.alpha'
  - '-run-image=OUR_ARTIFACTORY/dockerio/paketobuildpacks/run-jammy-full' # <<---MIND THIS, we updated it
  - OUR_ARTIFACTORY/backstage-docker-local/bcp-diagnostics-bp-tkn-test:0.1.0.alpha
command:
  - /cnb/lifecycle/creator
image: OUR_ARTIFACTORY/dockerio/paketobuildpacks/builder-jammy-base
imagePullPolicy: Always
securityContext:
  runAsGroup: 1000
  runAsUser: 1000
volumeMounts:
  - mountPath: /layers
    name: layers-dir
  - mountPath: /platform
    name: empty-dir

Why is it touching the root folder?
The quick fix is obvious, change the security context, but ideally we wouldn't do that...

@novellat novellat changed the title Task still requires privileged access Task still requires privileged access (run image: run-jammy-full) Aug 7, 2024
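Added example (not part of the original issue or the project's code): a pre-flight check over the step definition above that flags the two conditions visible in the log, a `-uid`/`-gid` that differs from the non-root `securityContext`, and no `HOME` in `env`. The `STEP` dict is constructed from the issue's values with a shortened `args` list; the check assumes the lifecycle only needs to switch identity when the requested ids differ from the container's own, and that credentials are copied into `$HOME` (the log shows the destination `/`).

```python
"""Pre-flight check for running a lifecycle step without root (added example)."""

# Constructed from the values in the issue; in practice, load the Task YAML.
STEP = {
    "name": "create",
    "env": [{"name": "CNB_PLATFORM_API", "value": "0.9"}, {"name": "DOCKER_CONFIG"}],
    "args": ["-app=/workspace/source/.", "-uid=1001", "-gid=1001", "-layers=/layers"],
    "securityContext": {"runAsUser": 1000, "runAsGroup": 1000},
}


def flag_value(args, flag):
    """Return the integer value of '-<flag>=N' from the args list, or None."""
    prefix = f"-{flag}="
    for arg in args:
        if arg.startswith(prefix):
            try:
                return int(arg[len(prefix):])
            except ValueError:
                return None
    return None


def audit_step(step):
    """Return findings that would push the step towards a privileged context."""
    findings = []
    sc = step.get("securityContext") or {}
    args = step.get("args") or []
    for flag, key in (("uid", "runAsUser"), ("gid", "runAsGroup")):
        wanted, actual = flag_value(args, flag), sc.get(key)
        if actual is None:
            findings.append(f"{key} unset: container identity comes from the image")
        elif wanted is not None and actual != 0 and wanted != actual:
            # A non-root process cannot change to another uid/gid (EPERM).
            findings.append(f"-{flag}={wanted} differs from {key}={actual}")
    env = {e["name"]: e.get("value") for e in step.get("env") or []}
    if sc.get("runAsUser") not in (None, 0) and not env.get("HOME"):
        # Assumption: credentials are copied into $HOME, which resolved to "/".
        findings.append("HOME not set in env: credential copy may hit an unwritable dir")
    return findings


if __name__ == "__main__":
    for finding in audit_step(STEP):
        print("FINDING:", finding)
```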