Hassio security & documentation

I am new to Home Assistant. I installed HassIO on a Raspberry Pi 4 with Raspbian and Docker. The whole system seems to run fine and I am now playing a bit and trying things.

One of the first things I would like to know better before going on and configuring my devices is security.

I have already set up HTTPS/SSL but I don’t quite understand the whole HassIO architecture. I’ve seen that there is a supervisor container that in some way starts another container with Home Assistant itself (+ other containers for add-ons?)

I’ve noticed that files in the config directory are owned by root. Is there a way to start the containers with a different user?

I’ve also noticed that from the HA web interface, I can read the temperature sensor of my Raspberry Pi using a simple cat /sys/class/thermal/thermal_zone0/temp. This means that it can access the underlying host system.

What resources are mapped and visible to the containers?
Is there any documentation about what HassIO uses on the host system?
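
One way to answer the "what is mapped and visible" question on any Docker host is to read each container's `docker inspect` record. The following is an added example, not part of the original post and not HassIO code; the sample record, container name and paths are constructed placeholders, and `summarize` is a hypothetical helper.

```python
import json
import sys

# Constructed sample shaped like `docker inspect <container>` output.
# The name and paths are placeholders, not real HassIO values.
SAMPLE = json.loads("""
[{"Name": "/example_app",
  "Config": {"User": ""},
  "HostConfig": {"Privileged": false, "NetworkMode": "host", "PidMode": "",
                 "CapAdd": ["NET_ADMIN"],
                 "Devices": [{"PathOnHost": "/dev/ttyUSB0",
                              "PathInContainer": "/dev/ttyUSB0",
                              "CgroupPermissions": "rwm"}]},
  "Mounts": [{"Type": "bind", "Source": "/srv/example/config",
              "Destination": "/config", "RW": true},
             {"Type": "bind", "Source": "/var/run/docker.sock",
              "Destination": "/var/run/docker.sock", "RW": false}]}]
""")

def summarize(container):
    """Return the host-facing settings of one `docker inspect` entry."""
    host = container.get("HostConfig") or {}
    # An empty Config.User means the process runs as root inside the container.
    user = (container.get("Config") or {}).get("User") or "root"
    mounts = [(m.get("Source"), m.get("Destination"), "rw" if m.get("RW") else "ro")
              for m in container.get("Mounts") or []]
    flags = []
    if user in ("root", "0") or user.startswith("0:"):
        flags.append("runs as root")
    if host.get("Privileged"):
        flags.append("privileged: all host devices and capabilities")
    if host.get("NetworkMode") == "host":
        flags.append("shares host network namespace")
    if host.get("PidMode") == "host":
        flags.append("shares host PID namespace")
    if any(str(src).endswith("docker.sock") for src, _, _ in mounts):
        flags.append("Docker socket mounted: can control the Docker daemon")
    return {"name": container.get("Name", "").lstrip("/"), "user": user,
            "mounts": mounts, "cap_add": host.get("CapAdd") or [],
            "devices": [d.get("PathOnHost") for d in host.get("Devices") or []],
            "flags": flags}

if __name__ == "__main__":
    # With piped input, read real records; otherwise use the constructed sample.
    records = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for record in records:
        print(json.dumps(summarize(record), indent=2))
```

To run it against live containers, pipe `docker inspect $(docker ps -q)` into the script.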