Data security across data residency restriction boundaries

What is claimed is: 1. A computer-implemented method comprising: profiling a dataset on which a desired analysis is to be performed, with at least some results of the desired analysis to be transferred from one location to another location, the dataset subject to data residency restrictions that restrict transfer of the dataset across a boundary to the another location, the profiling identifying a profile level for the dataset; automatically generating and digitally storing a container image based on the identified profile level for the dataset and the data residency restrictions that restrict the transfer of the dataset across the boundary, the container image configured for instantiation and execution as a container on a container host, execution of the container providing a virtual environment having one or more software applications executing therein for processing the dataset into a reformatted dataset that is not restricted by the data residency restrictions for transfer across the boundary to the another location; instantiating the generated container image on a data processing system at the one location, wherein the instantiating creates an instance of the container and commences execution of the container, the execution of the container comprising executing the one or more software applications; and reformatting the dataset into the reformatted dataset using the instantiated generated container image, including the one or more software applications executing as part of the execution of the container to perform at least some of the reformatting, and transferring the reformatted dataset to the another location. 2. The method of claim 1 , wherein the generated container image is digitally stored in a container registry wherefrom the container image is available for selection and instantiation on the container host. 3. The method of claim 2 , further comprising checking whether an appropriate container for processing the dataset into the reformatted dataset already exists as a container image in the container registry, wherein the automatically generating the container image is performed based on determining that no appropriate container for processing the dataset into the reformatted dataset already exists as a container image in the registry. 4. The method of claim 1 , wherein the container instantiated from the generated container image comprises an input data volume for storing the dataset and an output data volume for storing the reformatted dataset. 5. The method of claim 4 , wherein the generating the container image configures the generated container image such that, based on terminating the container instantiated from the generated container image, data of the input data volume is lost. 6. The method of claim 5 , wherein generating the container image configures the generated container image such that the instantiation of the generated container image includes restrictions that prevent extraction of data from the input data volume out of the container instantiated from the generated container image. 7. The method of claim 4 , further comprising generating a data definition language defining data structures to hold the reformatted dataset in the output data volume. 8. The method of claim 1 , wherein the data processing system comprises a server responsible for a database in which the dataset is stored, and wherein the method further comprises receiving a script by the data processing system and executing the script to perform the profiling and the identifying the profile level for the dataset based on identifying the another location and based on the data residency restrictions that restrict the transfer of the dataset across the boundary. 9. The method of claim 1 , wherein the profiling classifies personally identifiable information of the dataset and determines the profile level for the dataset based on the classified personally identifiable information, and wherein the reformatted dataset has the personally identifiable information removed or aggregated, such that the reformatted dataset does not include the personally identifiable information. 10. The method of claim 1 , wherein the generated container image specifies executable code and dependencies to process the dataset into the reformatted dataset, wherein the reformatting the dataset into the reformatted dataset comprises a portion of the desired analysis of the dataset, and wherein the reformatted dataset comprises the at least some results of the desired analysis for transfer to the another location. 11. The method of claim 1 , wherein the desired analysis is to be performed by processing across the one location and a plurality of additional locations of which the another location is a part, wherein a respective data processing system at each additional location of the plurality of additional locations is to analyze respective intermediate data of the desired analysis, wherein respective data residency restrictions apply to the intermediate data residing at the additional location and restrict transfer of the intermediate data from that additional location across a respective boundary to a next additional location of the plurality of additional locations, and wherein the method further comprises: automatically generating a respective container image for each additional location of the plurality of additional locations, the generated respective container image generated based on (i) an identified profile level of the intermediate data that is to reside at the additional location and on (ii) the data residency restrictions that restrict the transfer of the intermediate data to the next additional location, the generated respective container image being configured for instantiation and execution as a respective container to: receive the intermediate data for processing at that additional location; process the intermediate data into a reformatted intermediate dataset that is not restricted for transfer across the boundary to the next additional location; and transfer, to the generated respective container for the next additional location, the reformatted intermediate dataset as the respective intermediate data for analysis at that next additional location. 12. A computer system comprising: a memory; and a processor in communication with the memory, wherein the computer system is configured to perform a method comprising: profiling a dataset on which a desired analysis is to be performed, with at least some results of the desired analysis to be transferred from one location to another location, the dataset subject to data residency restrictions that restrict transfer of the dataset across a boundary to the another location, the profiling identifying a profile level for the dataset; automatically generating and digitally storing a container image based on the identified profile level for the dataset and the data residency restrictions that restrict the transfer of the dataset across the boundary, the container image configured for instantiation and execution as a container on a container host, execution of the container providing a virtual environment having one or more software applications executing therein for processing the dataset into a reformatted dataset that is not restricted by the data residency restrictions for transfer across the boundary to the another location; instantiating the generated container image on a data processing system at the one location, wherein the instantiating creates an instance of the container and commences execution of the container, the execution of the container comprising executing the one or more software applications; and reformatting the dataset into the reformatted data