Murano Agent uses default folder permissions for the
execution plans and scripts. If the default is too permissive
(which is unusual), other users on that machine can trick
the agent to execute malicious execution plans by putting files
into queue folder and use it to get the root privileges.
In most common sense users won't have write permissions to murano-agent
folders. However, they can hijack execution plans and other data
that might contain sensitive information.
This commit sets 0700 mode to the agent runtime folders so that they
can be accessed only by the user that runs the agent (+ the root,
if it's someone else).
Change-Id: I27f0495a509c4d1435d630e2bc5bfdf3549486d5
2468fb5939