I may be overstating the case a bit, but ensuring uid/gid matches on shared volumes (regardless of Docker or otherwise) has always been a manual process. I'm thinking even of the dark days with ORCL db usernames and shared storage volumes. The only wrinkle here is we're talking about a UID/GID set that gets created by the RPM, not by an admin. I've had issues with install order on systems creating UID/GID issues for shared or migrated content for as long as I've been an admin.
The OSTree issue seems to be a merge issue: what happens if a locally created entity collides with a system-created entity? Install order should always be the same, and if everyone is respecting the standards for system / local UID numbering, the inside-the-container issue goes back to admin hygiene as they stray into complex container environments.
Or am I putting too much on the admin?
-Matt M