I'm not sure if I understand your question exactly, but you can write a plugin to listen to a new route (URL endpoint) or interprocess communication and load and call NodeBB libraries.
You may consider using this plugin Git repo as a bootstrap to get you started quickly. Remember that the plugin.json, package.json, and library.js are the first files to work with. The plugin repo name / directory name will need to match the glob nodebb-plugin-* and it needs to be directly under the node_modules/ directory which is at the root of your NodeBB directory.
@mat-m is spot on, though my perspective is definitely production, not test. Running the leanest container possible has the added benefit of reducing the attack vectors as there is simply less surface for somebody to target. Alpine is specifically designed to be as lightweight as possible and as stripped down as possible.
Do we know who owns the image build process and can s/he weigh in on this?
My best guess is that between .6 and .7, we made the decision to only show a certain set of profile settings. Prior to this change, any plugin could save any data into the user's account hash, which was a potential security vulnerability.
Now, you'll have to register a listener to filter:user.updateProfile, and append the field you want to save.
I think this is what's going on...