tmpfiles: use same credstore perms everywhere

In b6033b706028a64e9affb79050ced1ad9a4f5b43 support was added to create
{/etc|/run}/credstore{|.encrypted} via tmpfiles.d with perms 0000. These
perms are so restrictive that not even root can access them unless it
has CAP_DAC_OVERRIDE capability. This is creates the dirs at boot time

In 24039e1207c169b18adf5234ad300ea3ba1b671e support was added to create
/etc/credstore with perm 0700 from meson.build at build time.

This patch makes unifies the two parts:

1. creates both /etc/credstore *and* /etc/credstore.encrypted in both
   places (the build system still won't create them in /run/, since
   that's pointless since not shipped, and the runtime won't create the
   dirs below /usr/lib/, since that's not generically writable anyway).

2. Both at runtime and at build time we'll create the dirs with mode
   0700. This is easier for packaging tools to handle since they
   generally react pretty negatively on dirs they can't enumerate.

1 files changed, 4 insertions, 4 deletions

diff --git a/tmpfiles.d/credstore.conf b/tmpfiles.d/credstore.conf
index fb1ccf82d2..de250f7561 100644
--- a/tmpfiles.d/credstore.conf
+++ b/tmpfiles.d/credstore.conf
@@ -7,7 +7,7 @@
 
 # See tmpfiles.d(5) for details
 
-d /etc/credstore 0000 root root
-d /etc/credstore.encrypted 0000 root root
-z /run/credstore 0000 root root
-z /run/credstore.encrypted 0000 root root
+d /etc/credstore 0700 root root
+d /etc/credstore.encrypted 0700 root root
+z /run/credstore 0700 root root
+z /run/credstore.encrypted 0700 root root