In order to be able to run docker images inside docker, we mount the docker socket inside the build container. This offer a security risk, as any CI job is able interact with the docker engine the host.
To mitigate this, one runner is used to build docker images. This runner should be limited to trusted projects.
The other runner can be shared, as it does not get the docker socket.