As a general rule, almost anything in a container that needs root can (and should) instead just get specific kernel privileges, and then drop them when no longer needed (e.g. ability to listen on reserved ports can be dropped once the listening socket is established). Some software probably does check for being named "root" (or, more likely, for being UID 0; it is only conventional that this used is named "root"), and in that case you may have no choice, but you can use a separate user namespace (as containers frequently do) such that processes running as this user don't have any special permissions outside the container.
With all that said: be aware that, in general, containers are NOT sandboxes. They can be used for sandboxing, but this is neither their main purpose (self-contained deployments, which generally won't trample the rest of the system but aren't designed to prevent code that is explicitly trying to break out the way a sandbox must be) nor the best tool for the job (which generally grants no access or privileges beyond what is explicitly added).
Of course, some software just can't practically be sandboxed, if e.g. its entire purposes is administrative (e.g. SSH server or remote management daemon). Sometimes such software even runs in containers (because, again, sandboxing is not the point, deployments are). In that case, you probably have no option but to run as root, without a separated user namespace, and with at least most kernel privileges enabled. On the other hand, the security model of such software already is "if the attacker compromises this, you're screwed, so here's some strong security controls to prevent that" whereas the security model of e.g. web apps is all too often "sales promised $BIG_CUSTOMER that they'll be able to access their uploaded docs with a fixed, permanent URL and no special authorization needed, and they won't budge on that" and at that point, good security is already out of the question and your goal is to keep it from becoming too much of a disaster, which ideally includes some sandboxing.