As far as I can tell, typical debian clean-build tools like sbuild, pbuilder, and debspawn cannot be run in docker containers as part of a Bitbucket pipeline because the docker container must be run with some additional capabilities (SYS_ADMIN in particular), which Bitbucket does not support.
What, then, is the recommended or standard approach for building debian packages in a clean, verifiable, and reproducible way as part of a Bitbucket pipeline?