
Explain (concisely).


Because all you're really doing is increasing your attack surface and wasting storage space. If you have a need for a specific piece of software, you should be able to identify that and include that in your docker image. Starting with a kitchen sink is only good when you're too lazy to spend an hour to understand what your software depends on.


If you run the _same_ application in a container with 20MB of files and in a container with 2000MB of files, how can it affect the attack surface at all? Bytes on disk are just data.

Moreover, if I use a standard RPM package to run a service as a non-root user in a limited environment using Systemd, then it will be much less risky than running the same service in a container as the root user, by an order of magnitude.

Containers are not a solution to security problems. Quite often they are a huge security hole.
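The two comments above disagree over whether the extra files in a large image matter. As an added example that is not part of the thread, the script below inventories an extracted container root filesystem (assumed to be a plain directory, e.g. the output of `docker export ... | tar -x`) for what turns bytes on disk into reachable capability for a process inside the container: setuid/setgid binaries, shells, interpreters and package managers. The tool list is a constructed assumption, not an authoritative one.

```bash
#!/usr/bin/env bash
# Inventory of an image's root filesystem, given as a directory path
# (e.g. produced by `docker export <container> | tar -x -C rootfs`).
# Reports what a process in the container could reach beyond its own
# service: setuid/setgid binaries, shells, interpreters, package managers.
set -u

# Constructed list of tools a single-purpose service image rarely needs.
TOOLS="sh bash dash ash python python3 perl ruby apt apt-get dpkg yum dnf rpm apk curl wget"

# count_setuid ROOTFS -> number of setuid or setgid regular files
count_setuid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | wc -l | tr -d ' '
}

# list_tools ROOTFS -> space-separated entries from TOOLS present in a bin dir
list_tools() {
    found=""
    for t in $TOOLS; do
        for d in bin sbin usr/bin usr/sbin usr/local/bin; do
            if [ -f "$1/$d/$t" ] || [ -L "$1/$d/$t" ]; then
                found="$found $t"
                break
            fi
        done
    done
    echo "${found# }"
}

# audit_rootfs ROOTFS -> prints a one-line summary; exit status 0 only when
# the tree holds no setuid binaries and none of the listed tools.
audit_rootfs() {
    setuid=$(count_setuid "$1")
    tools=$(list_tools "$1")
    files=$(find "$1" -xdev -type f 2>/dev/null | wc -l | tr -d ' ')
    echo "files=$files setuid=$setuid tools=[$tools]"
    [ "$setuid" -eq 0 ] && [ -z "$tools" ]
}

# Stand-alone use: audit_rootfs.sh /path/to/extracted/rootfs
if [ "${1:-}" ]; then
    audit_rootfs "$1"
fi
```

Running it against a full-distribution image and against a minimal one for the same service makes the difference in the two comments concrete: the file count alone says little, while the setuid and tool lists show what an attacker who compromises the service would have at hand.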



