This allows haproxy to read the socket, whilst running as a non-privileged user. The container itself needs to run as root to create the group, but haproxy itself changes its own group after startup.
