Does the use of Fluent Bit by VIP Authentication Hub always require root privilege?

Article ID: 404430


Products

Symantec Identity Security Platform - IDSP (formerly VIP Authentication Hub)

Issue/Introduction

Running a Fluent Bit pod does not always require the container to have root privileges, but some Fluent Bit features, if configured, do require elevated permissions.

Cause

One reason Fluent Bit has to run as a privileged container for some features is that implementing them requires writing to the Kubernetes node's filesystem.

Resolution

Disable the features that require the Fluent Bit container to run as a privileged container.

One example of such a feature is preserveLastProcessedLine. This feature tracks

When the preserveLastProcessedLine feature is enabled, Fluent Bit saves this offset information in a file to avoid data loss during restarts or interruptions. This file (a SQLite DB file) is kept on the Kubernetes node, and to write to the Kubernetes node's file system, Fluent Bit has to run as a privileged container.

You can choose to disable this feature by using the following Helm parameter when deploying ssp-infra:

--set input.tail.preserveLastProcessedLine.enabled=false
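
To confirm what a deployed Fluent Bit pod actually runs with, the pod spec can be audited for the conditions this article describes: a privileged container, a root user, and a writable mount of the node's filesystem. The following is an added example, not code from Broadcom or the ssp-infra chart; both pod specs, the container name and the host path are constructed for illustration, and real input would be the output of `kubectl get pod <name> -o json`.

```python
def audit_pod(pod):
    """Return (container, finding) pairs for privileged containers,
    containers that may run as root, and writable hostPath mounts."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    # Volumes backed by the node's filesystem, keyed by volume name.
    host_vols = {v["name"]: v["hostPath"].get("path", "")
                 for v in spec.get("volumes", []) if "hostPath" in v}
    findings = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext") or {}
        name = c.get("name", "?")
        if sc.get("privileged") is True:
            findings.append((name, "privileged"))
        # Container-level settings override pod-level ones.
        run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if run_as_user == 0 or (run_as_user is None and not non_root):
            findings.append((name, "may-run-as-root"))
        for m in c.get("volumeMounts", []):
            if m["name"] in host_vols and not m.get("readOnly", False):
                findings.append((name, "writable-hostPath:" + host_vols[m["name"]]))
    return findings

# Constructed sample: offset tracking enabled, state file kept on the node.
BEFORE = {"spec": {
    "volumes": [{"name": "state", "hostPath": {"path": "/constructed/node/state"}}],
    "containers": [{"name": "fluent-bit",
                    "securityContext": {"privileged": True},
                    "volumeMounts": [{"name": "state", "mountPath": "/state"}]}]}}

# Constructed sample: feature disabled, non-root user, node logs read-only.
AFTER = {"spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 1000},
    "volumes": [{"name": "logs", "hostPath": {"path": "/constructed/node/logs"}}],
    "containers": [{"name": "fluent-bit",
                    "volumeMounts": [{"name": "logs", "mountPath": "/logs",
                                      "readOnly": True}]}]}}

if __name__ == "__main__":
    for label, pod in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_pod(pod) or "no findings")
```

An empty result means none of the three conditions was found in the spec that was checked; admission policy on the cluster is a separate control.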