Ensure image files are readable to apache

If the umask on undercloud is set as something like `077`, the image
files created with `sudo` will not be readable to `others` including
`apache`, which will cause 403 forbidden during image pulling on
overcloud.

So set the permission explicitly just like we already did for
`make_dir` function.

Change-Id: I0f44b21be981f230abdf9baee4eab747a9a46114

tripleo_common/image/image_export.py

@@ -110,7 +110,9 @@ def export_stream(target_url, layer, layer_stream, verify_digest=True):
                       (image, blob_path))
 
     try:
-        with open(blob_path, 'wb') as f:
+        fd = os.open(blob_path, os.O_WRONLY | os.O_CREAT)
+        os.fchmod(fd, 0o0644)
+        with open(fd, 'wb') as f:
             count = 0
             for chunk in layer_stream:
                 count += 1

tripleo_common/tests/image/test_image_export.py

@@ -90,6 +90,7 @@ class TestImageExport(base.TestCase):
         }
         calc_digest = hashlib.sha256()
         layer_stream = io.BytesIO(blob_compressed)
+        mask = os.umask(0o077)
         layer_digest, _ = image_export.export_stream(
             target_url, layer, layer_stream, verify_digest=False
         )
@@ -106,6 +107,10 @@ class TestImageExport(base.TestCase):
         with open(blob_path, 'rb') as f:
             self.assertEqual(blob_compressed, f.read())
 
+        os.umask(mask)
+        blob_mode = oct(os.stat(blob_path).st_mode)
+        self.assertEqual('644', blob_mode[-3:])
+
     @mock.patch('tripleo_common.image.image_export.open',
                 side_effect=MemoryError())
     def test_export_stream_memory_error(self, mock_open):