Drone-runner-kube support for Pod Security Standards or a restricted Pod Security Policy

AFAIK there is no way to configure the build pods' securityContext to follow Kubernetes security best practices for untrusted containers. podSecurityContext and securityContext in the Helm chart only apply to the drone-runner-kube pod itself. policy.yaml doesn't have an option to set up a securityContext, nor does .drone.yml for the build bot.

The following must be set in the build bot's pod so that it passes the requirements of the restricted Pod Security Standard:

```yaml
securityContext:
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  allowPrivilegeEscalation: false
  seccompProfile:
    type: RuntimeDefault
```

Is there a workaround to apply the above securityContext, or am I missing something?

This is a really desired feature, as build bots are untrusted and must be very restricted. Build bots are the cause of major security attacks against clusters.