Ensure bootupd-generated files have CIS-compliant permissions

[Arden97]

This is a follow-up to issue #952.

The CIS compliance framework requires that all files in /boot/grub2/ have a permission mode of 0600 or more restrictive. Currently, /boot/grub2/bootuuid.cfg and /boot/grub2/grubenv are created with mode 0644. This causes failures during compliance scans on RHEL Image Mode systems.

Would it be possible to set the permissions for these files to 0600 as well?

[HuijingHei]

Sure, will make the change in this sprint.