Well, the logic in polkit is, if you have direct physical access to the machine (not SSH, actual keyboard, and so on), in general nothing stops you from just pressing and holding the power button. So giving a local user the right doesn’t make worse.
To disable the behaviour you need to find the appropriate polkit rule in /usr/{lib,share}/polkit-1/rules.d and create a file with the same name in /etc/polkit-1/rules.d pointing to /dev/null.
If you think docker/container are for security, you’re doing it wrong.