There isn’t an easy way to do exactly what you want, but there are two ways to do something very similar:
You could build your own Dockerfile in a preceding pipeline stage, which has the correct USER set, then push that container to the GitLab registry. Then your zap job can run with the new container which has the right user running.
If you are using your own servers / runners, you could use a shell executor and just put docker run -v $(pwd):/zap/wrk/:rw -u root -it my-docker_image in your script.