Adding any user to the `root` group seems like something not safe, but is it? Here is my use case.
I have a PHP application that connects to a Postgres database. The application is dockerized and runs in a container inside a GCP Cloud Run service. The Postgres database requires client SSL certificates to connect. I have the CA, cert and key files inside GCP Secret Manager. When deploying the Cloud Run service, I'm mounting those files inside the app container as volumes. All files are mounted with owner and group `root:root`. However, the application is running as the `www-data:www-data` user. Because of this, PHP complains that it cannot read the SSL key file. Those files are mounted as read-only and I can only change the file mode while mounting, but not ownership. What I did to fix this was changing the file mode to `0640` and adding the `www-data` user to the `root` group.
All works fine but **is it secure**?
App image uses Debian Bookworm as base.
Asked by piotrekkr
(579 rep)
Apr 3, 2025, 02:43 PM
Last activity: Apr 3, 2025, 05:18 PM
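One way to see what the `root` group membership described in the question grants inside the image, as an added example that is not part of the original post: list every path whose group bits allow something the "other" bits do not. The function names `group_gain` and `make_sample` are made up here, and the sample tree is constructed, with the caller's own gid standing in for gid 0.

```shell
#!/bin/sh
# Added example: what does membership in a group grant beyond "other" access?
# group_gain DIR GID prints "<kind> <path>" for each path under DIR that is
# group-owned by GID and has a group permission bit set whose matching
# "other" bit is clear, so the access exists only through the group.
# Paths owned by the user itself are judged by owner bits and are not
# special-cased here.
group_gain() {
    dir=$1 gid=$2
    for spec in read:040:004 write:020:002 exec:010:001; do
        kind=${spec%%:*}; rest=${spec#*:}
        gbit=${rest%:*}; obit=${rest#*:}
        # -xdev keeps the scan on one filesystem (skips /proc, /sys, mounts)
        find "$dir" -xdev -group "$gid" -perm "-$gbit" ! -perm "-$obit" -print |
            sed "s|^|$kind |"
    done
}

# Constructed sample tree (not from the original post). Creating files with
# group root needs root, so the caller's primary gid stands in for gid 0.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/secrets" "$root/var/shared"
    : > "$root/secrets/client.key"
    : > "$root/secrets/ca.crt"
    chgrp -R "$(id -g)" "$root"
    chmod 0755 "$root" "$root/secrets" "$root/var"
    chmod 0640 "$root/secrets/client.key"   # the mode used in the question
    chmod 0644 "$root/secrets/ca.crt"       # world-readable: no group gain
    chmod 0775 "$root/var/shared"           # group-writable directory
    echo "$root"
}

# Inside the application image, run as root during a build or debug session:
#   group_gain / 0
```

In the image itself, any `write` lines in the output are paths the application user could modify only because of the added group membership.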