
Stricter permissions on log files #15

Open
wants to merge 1 commit into
base: master
from

Conversation

@FRosner FRosner commented Jan 4, 2018

Problem

We have some information in our td-agent.conf file that should not be world-readable. The default mode when rendering the config template is 0644, which is world-readable.

Proposed Fix

If this is OK with you, I would just limit the mode to 0600 for files and 0700 for the config folder, respectively. They belong to the td-agent user anyway and need to be accessed only by it.

If you think that there are use cases for different modes, we can also make it configurable.
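The change the description proposes, as an added Ansible example that is not part of this pull request or the role's own tasks. It shows the permissive rendering (no explicit mode, so the module's 0644 default applies) beside the owner-only variant, then verifies the result with Ansible's stat and assert modules. The paths /etc/td-agent and /etc/td-agent/td-agent.conf, the template name td-agent.conf.j2 and the td-agent user and group are assumptions, not values taken from the page.

```yaml
# Added example (not the role's own tasks). Assumed: config dir /etc/td-agent,
# file /etc/td-agent/td-agent.conf, template td-agent.conf.j2, user/group td-agent.

- name: Config directory readable only by the td-agent user
  file:
    path: /etc/td-agent
    state: directory
    owner: td-agent
    group: td-agent
    mode: "0700"

# Before: without an explicit mode the template module falls back to its
# default of 0644, so any local account can read whatever the config contains.
- name: Render td-agent.conf (world-readable, the behaviour being fixed)
  template:
    src: td-agent.conf.j2
    dest: /etc/td-agent/td-agent.conf
    owner: td-agent
    group: td-agent

# After: explicit 0600. Quoting the mode keeps YAML from reinterpreting the
# octal literal as a decimal integer.
- name: Render td-agent.conf (owner-only)
  template:
    src: td-agent.conf.j2
    dest: /etc/td-agent/td-agent.conf
    owner: td-agent
    group: td-agent
    mode: "0600"

# Check that the rendered file really carries no group or other read bits.
- name: Inspect the rendered config file
  stat:
    path: /etc/td-agent/td-agent.conf
  register: conf

- name: Fail the run if the file is still readable by group or others
  assert:
    that:
      - conf.stat.mode == "0600"
      - not conf.stat.rgrp
      - not conf.stat.roth
    fail_msg: "td-agent.conf is readable by group or others"
```

The directory task comes first so the 0700 mode is in place before the file is written; the final assert turns the permission requirement into something the playbook enforces on every run rather than a one-time fix.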

@FRosner FRosner (Author) commented Jan 4, 2018

The build fails with

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to validate the SSL certificate for packages.treasuredata.com:443. Make sure your managed systems have a valid CA certificate installed. If the website serving the url uses SNI you need python >= 2.7.9 on your managed machine  (the python executable used (/usr/bin/python) is version: 2.7.6 (default, Nov 23 2017, 15:49:48) [GCC 4.8.4]) or you can install the `urllib3`, `pyOpenSSL`, `ndg-httpsclient`, and `pyasn1` python modules to perform SNI verification in python >= 2.6. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible. The exception msg was: [Errno 1] _ssl.c:510: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure."}

Any idea why? Looks unrelated to my change.
