Create private key files with umask 177

[lukpueh]

Description of issue or feature request:
Transfer of theupdateframework/python-tuf#279.

According to common practice (see e.g. ssh utilities) private key files should be created with read and write permissions for the user only (umask 177). Securesystemslib's interface.generate_and_write_{rsa, ed25519, ecdsa}_keypair functions should adopt that behavior.

Current behavior:
Private key files are created with the OS' default umask.

Expected behavior:
Private keys files are created with umask 177.

[lukpueh]

I suggest to update securesystemslib.util.persist_temp_file to take an optional octal permissions argument and pass 177 in interface.generate_and_write_{rsa, ed25519, ecdsa}_keypair functions.

[sechkova]

Looking at the issue, I noticed that the intention is

private key files should be created with read and write permissions for the user only

which means file permissions 600 and umask 177 (umask unsets the bits).
Can you confirm that my understanding is correct here?

[lukpueh]

You are absolutely right, @sechkova! Thanks for pointing this out. :)

[joshuagl]

Fixed in #231