Bug#571631: libapache2-mod-shib2: shib-keygen generates world-readable key file

Scott Cantor cantor.2 at osu.edu
Fri Mar 5 18:10:27 UTC 2010


> Note that we can't just use umask 177 in the Debian version of this script
> since Debian runs shibd as a non-root user and then won't be able to read
> the certificate.  For Debian, we should set the group ownership to the
> shibd user we create and make the file group-readable.

If there's a better patch you'd like upstream for this use case, just add it
to the SP bug report. I'm not shipping it any time soon, so whatever is
easiest.

-- Scott
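
The permission scheme the quoted note describes (key owned by a group the non-root daemon belongs to, group-readable, never world-readable), as an added example; it is not the shib-keygen script or any patch from this thread. The function names are hypothetical and the group is whatever the caller passes in.

```shell
#!/bin/sh
# Added illustration, not code from shib-keygen or the Debian package.
# Assumption: key material arrives on stdin; the daemon's group is an argument.

# usage: <key generator> | make_group_key FILE GROUP
# Writes FILE so that it is never world-readable, then grants read access
# to GROUP only (final mode 0640).
make_group_key() {
    file=$1
    group=$2
    (
        # Restrictive umask in a subshell: the file is created 0600, so there
        # is no window in which other users can read the key.
        umask 077
        cat > "$file" || exit 1
        # Give the daemon's group ownership first, then widen to group-read.
        chgrp "$group" "$file" || exit 1
        chmod 640 "$file" || exit 1
    )
}

# usage: key_perms_ok FILE
# Succeeds only if FILE exists, grants nothing to "other", and gives the
# group no write or execute permission.
key_perms_ok() {
    [ -f "$1" ] || return 1
    # POSIX find: "-perm -MODE" matches when all bits in MODE are set, so each
    # unwanted bit is tested separately.
    bad=$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \
        -o -perm -020 -o -perm -010 \) -print)
    [ -z "$bad" ]
}
```

With `umask 177` alone the file ends up 0600, which is the case the note says a non-root shibd cannot read; the `chgrp` plus 0640 step is what changes that.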






