The release notes for 5.4.3 [0] mention that sonar can now use setcap to avoid being setuid. I'm not super familiar with Debian packaging yet, but this might be a way to stop being setuid root.
0: https://www.jwz.org/xscreensaver/changelog.html -Will
