Minimize the admission of primary group ID the containers are run with (PSP)

Controls which primary group ID the containers are run with. Do not generally permit primary groups to be run as root. If you need to run root primary groups, this should be defined in a separate PSP and you should carefully check RBAC controls to ensure that only limited service accounts and users are given permission to access that PSP.